From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: documentation/behavior unclear of (tor-hidden-service) Date: Mon, 6 Mar 2017 20:19:02 +0000 Message-ID: <20170306201902.sadyh4jmt5yuuo7r@abyayala> References: <20170304155916.slok53nrcporwwat@abyayala> <20170304162126.urcuuh6b5wg3eequ@abyayala> <87innmww4z.fsf@gnu.org> <20170306120820.libvu2akv34jmrrd@abyayala> <20170306081900.4802e21b@khaalida> <20170306180030.ginyp6tywg2jcpps@abyayala> <20170306184712.GE2185@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49773) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cky1a-0003Oy-2X for guix-devel@gnu.org; Mon, 06 Mar 2017 14:10:26 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cky1V-0007rY-9q for guix-devel@gnu.org; Mon, 06 Mar 2017 14:10:26 -0500 Received: from perdizione.investici.org ([94.23.50.208]:43271) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cky1U-0007rI-W2 for guix-devel@gnu.org; Mon, 06 Mar 2017 14:10:21 -0500 Content-Disposition: inline In-Reply-To: <20170306184712.GE2185@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org On 17-03-06 13:47:12, Leo Famulari wrote: > On Mon, Mar 06, 2017 at 06:00:30PM +0000, ng0 wrote: > > from my experience they are not needed for a relay. Okay, they would be > > useful to increase security and to see how how Chinese government > > officials and their automated services want to get into your server, but > > it's not really necessary for the relay. > > Slight nitpick: In my experience with iptables, it's not just Chinese > officials that want to break in to my servers, but rather a dazzling > multitude of people from all over the world ;) > My experience with OpenNIC and tor on the server side was that it's mostly government IPs running lazy standard methods trying to get in where they won't get in anyway. Just don't use port 22, rate-limit connections (with OpenNIC this worked a bit) and the IPs which traced back directly to those red zones in chinese cities marked as "military/government zones" went away :). But yeah, with tor they were in company of russia, USA, and other nations trying to do the same ;D