Opened 8 years ago

Closed 13 months ago

#3469 closed defect (wontfix)

Anomalous Ports in Exit Policies

Reported by: atagar
Owned by: chiiph
Priority: High
Milestone:
Component: Archived/Vidalia
Version:
Severity: Normal
Keywords: archived-closed-2018-07-04
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi, the port selections for Vidalia's exit policies [1] seem to have a few anomalies...

18:18 < atagar> chiiph: in looking around I can't find anything saying that port 8300 is used for IM traffic (... or really much of anything)
18:18 < chiiph> atagar: I assume you are still talking about exit policies and the ports it allows, yes?
18:19 < atagar> yup, I'm writing the exit policies section of a relay setup wizard and looking into what vidalia does
18:19 < chiiph> ok
18:19 < chiiph> well, I'm not sure why that port is there actually :)
18:20 < atagar> Weird, 8888 is for HyperVM. I wonder why that's there too...
18:22 < asn> (also, maybe comment saying '703' should be changed to '706' to match the code and SILCd's port)
18:22 < atagar> yup, that threw me off for a while :)
18:37 < velope> port 8300 - Transport Management Interface
...
18:59 < atagar> chiiph: more issues - 194 and 6679 are sometimes used for IRC, 531 is also evidently related to both IRC and AIM, and 7000-7001 *isn't* used for IRC but is a default port for a bittorrent tracker (Vuze)
18:59 < atagar> that last one seems very bad
19:00 < atagar> I'll go ahead and file a ticket for this
19:00 < chiiph> ok, thanks
19:01 < Riastradh> 7000 is sometimes used for IRC.
19:01 < Riastradh> oftc uses 6697 for TLSifid IRC.
19:03 < atagar> Hmm, yup, spotting some mentions of irc on 7000. On the other hand including a torrent default's bad for exits due to dmca takedowns. Not sure which way we'd like to go on that one...

Descriptions of common port uses can be found at:
https://secure.wikimedia.org/wikipedia/en/wiki/List_of_TCP_and_UDP_port_numbers

Also, the IM option is missing quite a few protocols that are prevalent elsewhere in the world. I'd propose that we adopt the following for this option...
706 (SILC)
1863 (MSN)
5050 (Yahoo)
5190 (ICQ, AIM)
5222 (Jabber)
5223 (Jabber over SSL)
1677 (GroupWise)
8074 (Gadu-Gadu)
8000-8001 (Tencent QQ)
1533 (Sametime)
2102-2104 (Zephyr)

This includes all of the TCP-based protocols supported by Pidgin. If any of them are bad news then I'd love to know (I'm writing a similar setup wizard for relay setup so looking for sane defaults).

Port 531 is listed as being related to both AIM and IRC so I'm not sure what we'd like to do with that one. In my case I'll probably join the IM/IRC options (I'm not sure why they were split...).

Cheers! -Damian

[1] https://gitweb.torproject.org/vidalia.git/blob?f=src/vidalia/config/ServerPage.cpp#l55

Change History (7)

comment:1 Changed 8 years ago by atagar

Scratch the Tencent QQ entry. Port 80 covers its TCP activity and 8000 is for UDP:
http://protocolinfo.org/wiki/QQ#Ports

comment:2 Changed 8 years ago by chiiph

Vidalia right now is using tor's default. Maybe we should see this from the tor side first?

comment:3 Changed 8 years ago by atagar

As discussed on irc this is about problems in the purpose => port assignments. That said, it might be a good idea to switch to the reduced exit policy in Vidalia. My suggestions for Vidalia exit policy changes are...

  • Correct the purpose => port assignments. That's what this ticket is about. Here are the mappings that I use for arm (it differs in a few categories and uses the reduced policy, but maps fairly well):

https://gitweb.torproject.org/arm.git/blob/HEAD:/src/settings.cfg#l836

  • Start a discussion to see if we should switch to the reduced exit policy. There are tradeoffs since this will bloat the consensus entry, but provide exits with fewer DMCA takedown notices. I brought this up in the 'Exit-by-default Windows package' tor-assistants@ thread, but unfortunately it didn't get any traction. Here's the policy:

https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

  • Merge the IM and IRC policy check boxes, unless you see a good purpose for having them separated.
  • I'd also suggest dropping the separate 'plaintext web traffic / secure web traffic' options since it's giving users easy check boxes to have a configuration we'd BadExit. Rather, for arm I have an "allow plaintext traffic" checkbox that, if unchecked, removes unencrypted ports from the ExitPolicy:

https://gitweb.torproject.org/arm.git/blob/HEAD:/src/settings.cfg#l915

Cheers! -Damian

comment:4 Changed 6 years ago by zenbowman

I'm working on making the exit policies configurable, i.e. associate purpose=>port assignments in a vidalia config file instead of hardcoding them in the source files, so any subsequent changes to port assignments will be simpler.

comment:5 Changed 6 years ago by zenbowman

Status: new → needs_review

Here's a solution to this ticket which adds a portConfiguration file which is read by Vidalia (expected to be in the application directory in which vidalia resides).

https://github.com/ZenBowman/vidalia-fork/commit/0aa41b6c90fa35818561cca866cfcf5dd632c880

Let me know what to do next.
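
A sketch of the configurable purpose => port idea discussed in this ticket, as an added example that is not code from Vidalia, arm, or the linked commit. The mapping layout, the `irc` entry (constructed from ports mentioned in the discussion) and all function names are assumptions; the `im` list is the one proposed in the description with Tencent QQ dropped per comment:1.

```python
# Added example; mapping layout and names are assumptions, not Vidalia's.
PURPOSE_PORTS = {
    # IM ports proposed in the ticket, minus Tencent QQ (dropped in comment:1).
    "im": ["706", "1863", "5050", "5190", "5222", "5223",
           "1677", "8074", "1533", "2102-2104"],
    # Constructed entry built from IRC ports mentioned in the discussion.
    "irc": ["194", "6679", "6697", "7000-7001"],
}
# Range the ticket calls out as a problem for exits.
FLAGGED = {"7000-7001": "default port for a BitTorrent tracker (Vuze)"}

def parse_spec(spec):
    """Return (low, high) for '706' or '2102-2104'; raise ValueError otherwise."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def merge(ranges):
    """Collapse overlapping or adjacent ranges so the policy stays short."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def exit_policy(purposes, mapping=PURPOSE_PORTS):
    """Build accept lines for the chosen purposes, ending in a default reject."""
    ranges = [parse_spec(s) for p in purposes for s in mapping[p]]
    lines = [f"ExitPolicy accept *:{lo}" + ("" if lo == hi else f"-{hi}")
             for lo, hi in merge(ranges)]
    return lines + ["ExitPolicy reject *:*"]

def flagged_ports(purposes, mapping=PURPOSE_PORTS):
    """List (purpose, spec, reason) for specs overlapping a flagged range."""
    hits = []
    for purpose in purposes:
        for spec in mapping[purpose]:
            lo, hi = parse_spec(spec)
            hits += [(purpose, spec, why) for bad, why in FLAGGED.items()
                     if lo <= parse_spec(bad)[1] and parse_spec(bad)[0] <= hi]
    return hits
```

Running `flagged_ports` before writing the generated lines to torrc surfaces mappings like 7000-7001 for an operator decision instead of silently allowing them.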

comment:6 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:7 Changed 13 months ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: needs_review → closed

Close all tickets in archived components
