Re: [tor-talk] Running an exit node which exits on a different IP than it listens to
On Tue, 24 Jun 2014 15:07:16 +0200 Anders Andersson pipat...@gmail.com wrote: The reason would be to minimize the chances of the exit IP ending up in some overzealous blacklist. I think the long-time position of the Tor project was that if someone wants to block all Tor exit relays, they should be able to do so. I'm pretty sure that a lot of the blacklist operators just scrape the public list of relays and then they end up in a lot of places where the customer is not even aware what is being blocked. This is painfully obvious to people running a non-exit relay from home, when trying to use IRC or other services. And sorry but this is just a non-sequitur. Clueless blocking of non-exit relays is bad, therefore _EXIT_ relays should now start evading blocklists. -- With respect, Roman signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Running an exit node which exits on a different IP than it listens to
Is the collateral damage from trying to play hide-and-seek from RBL services really worth it? .. the overzealoous RBL operators just want to catalog proxy servers so website ops can decide if they want the headache or not -- which is a perfectly valid concern. Overzealous is what happens when you try and play games and RBLs start getting less specific than a /32. I've been on both sides of this one, and were I to fire up an exit again I'd want to run it at zero bandwidth for a month or so just so all the RBL ops ensure it's listed .. people rush to abuse the new ones, and not for utopian visions of a free Internet either. Michael Holstein Cleveland State University From: tor-talk tor-talk-boun...@lists.torproject.org on behalf of Anders Andersson pipat...@gmail.com Sent: Tuesday, June 24, 2014 9:07 AM To: tor-talk@lists.torproject.org Subject: [tor-talk] Running an exit node which exits on a different IP than it listens to I have been sorting through my mailbox the last few days and stumbled upon an email from 2012, from this mailing list. A worried user got a false negative from check.torproject.org because an exit relay sent exit traffic out on an IP that's different from what was advertised. However, this made me think that it is perhaps not such a bad idea if more exit relays did that, even slower ones. I have access to a couple of IP numbers that I could easily configure in this way. Basically: Use one IP for Tor traffic, and one IP for exit traffic. The Tor traffic IP:Port is what would be advertised to the Tor network, and only that. The reason would be to minimize the chances of the exit IP ending up in some overzealous blacklist. I'm pretty sure that a lot of the blacklist operators just scrape the public list of relays and then they end up in a lot of places where the customer is not even aware what is being blocked. This is painfully obvious to people running a non-exit relay from home, when trying to use IRC or other services. Is this a good idea to do if you have the resources? Will it cause any non-obvious problems? I guess one problem is that check.torproject.org will show that you're not using Tor, unless it's been modified since 2012 to check this in another way. I'm not sure if I'm making myself clear here, please ask me to clarify if this is the case. // Anders -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Running an exit node which exits on a different IP than it listens to
On Tue, Jun 24, 2014 at 9:07 AM, Anders Andersson pipat...@gmail.com wrote: exit traffic out on an IP that's different from what was advertised. However, this made me think that it is perhaps not such a bad idea if more exit relays did that, even slower ones. I have access to a couple of IP numbers that I could easily configure in this way. Basically: Use one IP for Tor traffic, and one IP for exit traffic. The Tor traffic IP:Port is what would be advertised to the Tor network, and only that. The reason would be to minimize the chances of the exit IP ending up in some overzealous blacklist. I'm pretty sure that a lot of the blacklist operators just scrape the public list of relays and then they end up in a lot of places where the customer is not even aware what is being blocked. This is painfully obvious to people running a non-exit relay from home, when trying to use IRC or other services. Is this a good idea to do if you have the resources? Will it cause any non-obvious problems? I guess one problem is that check.torproject.org will show that you're not using Tor So what? What's more important to you, helping users get around stupid consensus scraping RBL blocks and censors, or having check.tpo look pretty? Tell users to retest after 'new identity' or to test tpo's onion instead, because: Congratulations. This browser is configured to use Tor. And learn a little more before they go installing stuff by default and stumbling about the net assuming all is safe because some little widget told them so. This has recently been discussed, feel free to implement either model... https://lists.torproject.org/pipermail/tor-relays/2014-May/004516.html ... https://lists.torproject.org/pipermail/tor-relays/2014-June/004691.html https://lists.torproject.org/pipermail/tor-relays/2014-June/004693.html -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk