Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]
On Tue, January 29, 2008 09:20, Pei Hanru wrote: I've long wondered if there is (will be) an option for excluding nodes solely at exit? http://exitlist.torproject.org/ You'll get the whole exit nodes list, then you can filter out unwanted nodes. ciao -- Marco Bonetti Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My webstuff: http://sidbox.homelinux.org/ My GnuPG key id: 0x86A91047
Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]
Sorry, I am a beginner, I still do not know how to get the whole exit list. I use dig according to this page, but it responses: ; DiG 9.4.1-P1 209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 51792 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org. IN A ;; AUTHORITY SECTION: exitlist.torproject.org. 44 IN SOA exitlist-ns.torproject.org. tordnsel.torproject.org. 0 1800 1800 1800 1800 I don't know if there is something wrong? - Original Message - From: Marco Bonetti [EMAIL PROTECTED] To: or-talk@freehaven.net Sent: Tuesday, January 29, 2008 4:30 PM Subject: Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes] On Tue, January 29, 2008 09:20, Pei Hanru wrote: I've long wondered if there is (will be) an option for excluding nodes solely at exit? http://exitlist.torproject.org/ You'll get the whole exit nodes list, then you can filter out unwanted nodes. ciao -- Marco Bonetti Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My webstuff: http://sidbox.homelinux.org/ My GnuPG key id: 0x86A91047
Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]
Hello, You can get a list of all tornodes or only exit nodes on one of the following TorStatus sites: http://torstatus.all.de/ http://arachne.doesntexist.org/ https://arachne.doesntexist.org/ http://torstatus.blutmagie.de/ http://torstatus.cyberphunk.org/ http://tns.hermetix.org/ http://torstatus.kgprog.com/ https://torstatus.kgprog.com/ http://kradense.whsites.net/tns/ https://torstat.xenobite.eu/ Hope this helps! Ruediger Jackie schrieb: Sorry, I am a beginner, I still do not know how to get the whole exit list. I use dig according to this page, but it responses: ; DiG 9.4.1-P1 209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 51792 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org. IN A ;; AUTHORITY SECTION: exitlist.torproject.org. 44 IN SOA exitlist-ns.torproject.org. tordnsel.torproject.org. 0 1800 1800 1800 1800 I don't know if there is something wrong?
Re: How to remove some useless nodes
To remove these fucking nodes mannually one by one is a boring job!!! I wonder where to get a router list which contains information about country, or just a exit nodes list is much more better! Does Tor keep a copy of router list on my PC? - Original Message - From: Gregory Maxwell [EMAIL PROTECTED] To: or-talk@freehaven.net Sent: Monday, January 28, 2008 9:39 PM Subject: Re: How to remove some useless nodes On Jan 26, 2008 10:08 PM, Kraktus [EMAIL PROTECTED] wrote: On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. It would be interesting if tor exits used passive connection monitoring to figure out if they are on a content modifying or censoring network, then made a note of it in the directory. Users could then choose to avoid that exit while people interested in censorship or neutrality would have a shortlist to do research from. Some types of censoring are pretty subtle and couldn't easily be detected this way, but the Great Firewall is pretty obvious.
Re: How to remove some useless nodes
On Monday 28 January 2008 18:34:52 F. Fox wrote: 孙超 wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if linkage with nodes within China is completely useless for us to break the censorship. Usually, we can cut off such connection in tor's graphic window vidalia manually, but it very bothering, we must keep an eye on whether there is linkage within China. I wonder if there is some way to remove nodes located in China. Although I'm not in a country like China, nor do I know a solution, do know that I support any effort which makes Tor a better tool for circumventing the Great Firewall. The ability to exclude nodes by [approximate] geography would be a nice feature; taking a look at TorStatus, I notice that the nodes (including my own) are already identified with their country of origin. This isn't the first time I've plugged this feature of TorK and it probably won't be the last. Some of you seem to be Linux users, so this is just to let you know if you install TorK you can exclude routers on the basis of country code with a couple of clicks. The caveat is that the identification of the router's country of origin is only as good as the maxmind geoip db - which is fairly reliable in 99.X% of cases. http://tork.anonymityanywhere.com signature.asc Description: This is a digitally signed message part.
Re: How to remove some useless nodes
On Jan 26, 2008 10:08 PM, Kraktus [EMAIL PROTECTED] wrote: On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. It would be interesting if tor exits used passive connection monitoring to figure out if they are on a content modifying or censoring network, then made a note of it in the directory. Users could then choose to avoid that exit while people interested in censorship or neutrality would have a shortlist to do research from. Some types of censoring are pretty subtle and couldn't easily be detected this way, but the Great Firewall is pretty obvious.
Scripted exclusion of nodes? [Was: How to remove some useless nodes]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kraktus wrote: You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. (snip) Sadly, China's government would likely spend the resources to constantly randomize their nodes, one way or the other. Perhaps a script (set as a cron job?) could be used to find Chinese nodes in the Tor directory on a regular basis, update the ExcludeNodes section of the torrc, and do a sudo killall -s SIGHUP tor to load it. I'll have to think it over... perhaps I could use it to get some scripting practice? =;o) (Do note that this is UNIX-centric; if you're using Vidalia [as the original poster said], I don't think it would be that easy.) - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR54k/ej8TXmm2ggwAQjm+BAAlUJyyj8yDbcN35wFxdmG4eVp0wrsCpSK 84ZdDcZJI3DbTCOH8Utok5caPKoDnorM5y+Vm1IM7xLf6fS+iY8X5dBF1Bg+9Yk2 sClrPRpqVxj6PNmbvMUG7HIrreXcYlTGX/yzy9zpx2afuxt15JVDinT6mN8xSAwa 41Jpbywh0EEKFitZcLYmpxoW2sXDZi1iAA69JXQ5btj+HIBmn8ayZ6JSXWU4ynn1 bEXz7MIO2ZOYrQSHJPChRwYJnQG75cUZWGoFv6u0oTIWBh2n3FsboVHWdZOU7mBK DQ7O0WffwI3ZvzQp9Pr77Y/s+RGgJB6ORUm3oVxz4TteEGyz7f3NJT5LHoNYwsi7 3XDaTvpM+zsfV7Jw9h4vLHvJ93l9AKkKn+W+MnHfmQAju3jmPQ0wK5MA+6nDUqCi h0S/UAV8tQu7NIlRqWaVVMRejmIixnd5xPgwtJKaj7FPuZovMF3VqpsnSAeFEti+ eheOp8Pc25wmblkqV5MZHLECiBaOgSjVVkH1foY920CTHw0rPvqyPXjQVPFlJmq4 LBb/tqR6hjmm7+tH2FMaPmc18T253a8hhMUEINqF8uiZoOqTYLc28TjJOmXcG7H1 7sWEyx6QxL2FwHPExYVW+e4Qy40QDTeAP3WC71itmTIsUX/XIqrb0E84is8CVxng ckubjQ74+CQ= =1amc -END PGP SIGNATURE-
Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]
F. Fox wrote on 29.01.2008 00:54: Kraktus wrote: You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. (snip) Sadly, China's government would likely spend the resources to constantly randomize their nodes, one way or the other. I suppose they wouldn't as this don't make much sense from the economic POV. As topic-starter (sorry, I don't speak Chinese, and can't read his name) said, it makes no sense to use exit-nodes located in China to avoid the Great Firewall. Don't forget it shouldn't necessarily be caused by some purposeful Chinese government's actions to poison the Tor network with 'fake' nodes. Even if Tor-client uses some legitimate exit-node located in China, she will get censored content just because that's what exit-node is receiving from the ISP. Perhaps a script (set as a cron job?) could be used to find Chinese nodes in the Tor directory on a regular basis, update the ExcludeNodes section of the torrc, and do a sudo killall -s SIGHUP tor to load it. I'll have to think it over... perhaps I could use it to get some scripting practice? =;o) (Do note that this is UNIX-centric; if you're using Vidalia [as the original poster said], I don't think it would be that easy.) -- SATtva | security privacy consulting www.vladmiller.info | www.pgpru.com
Re: How to remove some useless nodes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 孙超 wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if linkage with nodes within China is completely useless for us to break the censorship. Usually, we can cut off such connection in tor's graphic window vidalia manually, but it very bothering, we must keep an eye on whether there is linkage within China. I wonder if there is some way to remove nodes located in China. Although I'm not in a country like China, nor do I know a solution, do know that I support any effort which makes Tor a better tool for circumventing the Great Firewall. The ability to exclude nodes by [approximate] geography would be a nice feature; taking a look at TorStatus, I notice that the nodes (including my own) are already identified with their country of origin. - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR54gS+j8TXmm2ggwAQiVpRAAvk36odM1GPfOiHQ7bAyzaly4IFyqogDB 79BtSzPKwLBCJR0hU/vmgOJHYxw3x+hAki6Q6rYFFk3MWO1m1e6u+vTgTc1L4EO1 rzuZSW/Q3+W1g9ynSeqwupgi30OL5wnOQMl8LhgSm9uVqnHa22F91fviOapbC9Na +G+y4HFdNyvLMY2rAc9FGOHXlWHldZpV16jf2BFhe6M4t6uYUpXIaR6NZ7ssuciO XeIiWjAxMo/7aGt1ps2QwaEpCi3DsDE/gCKZaJ4j80Mq5Obd5kOKlovuxlRualeq nCEJn8DS9R35mLmoH6UVZe9agJ8vyq3HRl4iqox7fVTqLliLrA5aK7orI9mrjFbs E2Ml/0C3p0rhSzUxSzrys0yY04DrKdQE4T30vVAP+A9fdXkBWGboB+rgW1ZyvzTZ Vk/o5uSYjf0sEymkNXJjC2CpuTc2DjfLL+hBNQB1ReQEmRUglce11RHw6ObTPy5P 7z/K7NOiRFIOApxwil1mgXQrnK49gOExxgZHLTdoBYLLQwA+7ZzkVbmTOPLAAe9k pxtCwvvOvf61zEKVPRFVUpWWa5n2rTAUDQN8ZjvpR+KIOXz1Hhf0TM21aUqzresF 92FC8ZDf5O7aCySpnsEAv0ITGyrSmEAdwXCs4YeC5fySiLi90q4g/N5LTqpdtizN vE+0g5zk63M= =S5FI -END PGP SIGNATURE-
Re: How to remove some useless nodes
On Jan 27, 2008 11:08 AM, Kraktus [EMAIL PROTECTED] wrote: You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. A crude approach would be to write a script that checks [vidalia-config-directory]\geoip-cache for IP addresses located in China, and then extract fingerprints of the Tor nodes on those IPs from [tor-config-directory]\cached-descriptors to build up your ExcludeNodes list. The enclosed perl script does just this. It should be self-explanatory enough. It produces one ExcludeNodes line to be included in your torrc file. Instead of the geoip-cache file, you can also use country IP blocks from www.ipdeny.com to match IP to country. Yet another alternative using public tor status pages was discussed on this list: http://archives.seul.org/or/talk/Jul-2006/msg00079.html Cheers, John #!/usr/bin/perl # Usage if (@ARGV != 3) { print Usage: $ENV{'_'} [2-letter-country-code] [descriptors-file] [geoip-file] \n; exit(1); } $ARGV[0] = uc($ARGV[0]); # Build ip-to-country hash table from geoip cache open(GEOIP,$ARGV[2]); while (GEOIP) { ($ip,undef,undef,$country,undef) = split(/,/); $geoip{$ip} = $country; } # Parse descriptor file and extract fingerprints open(DESC,$ARGV[1]); $switch = false; while (DESC) { chomp; @params = split(/ /); if ($params[0] eq 'router') { $switch = $geoip{$params[2]} eq $ARGV[0]; } elsif ($switch $params[0] eq 'opt' $params[1] eq 'fingerprint') { push(@exclude,'$' . join('',@params[2 .. $#params])); } } print 'ExcludeNodes ',join(',',@exclude),\n;
Re: How to remove some useless nodes
You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if linkage with nodes within China is completely useless for us to break the censorship. Usually, we can cut off such connection in tor's graphic window vidalia manually, but it very bothering, we must keep an eye on whether there is linkage within China. I wonder if there is some way to remove nodes located in China. If someone knows how to do, plz tell me, Thanks!!!