>> On 1 Sep 2015, at 07:45, Philipp Winter <p...@nymity.ch >> <mailto:p...@nymity.ch>> wrote: >> >> The harm caused by cloud-hosted relays is more difficult to quantify. >> Getting rid of them also wouldn't mean getting rid of any attacks. At >> best, attackers would have to jump through more hoops. >> >> If we were to decide to permanently reject cloud-hosted relays, we would >> have to obtain the netblocks that are periodically published by all >> three (and perhaps more) cloud providers: >> <https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html >> <https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html>> >> <https://msdn.microsoft.com/en-us/library/azure/Dn175718.aspx >> <https://msdn.microsoft.com/en-us/library/azure/Dn175718.aspx>> >> <https://cloud.google.com/appengine/kb/general?hl=en#static-ip >> <https://cloud.google.com/appengine/kb/general?hl=en#static-ip>> >> >> Note that this should be done periodically because the netblocks are >> subject to change.
> On 1 Sep 2015, at 08:58, nusenu <nus...@openmailbox.org> wrote: > > Should you decide to continue generally blacklisting entire ISPs/ASes/IP > ranges: > > Please add that info (including the banned ISPs/ASes/IP ranges) to the > documentation (i.e. relay setup guides [4]) so volunteers don't waste > their time and money to setup blacklisted relays [5]. > > [4] https://www.torproject.org/getinvolved/relays.html.en > <https://www.torproject.org/getinvolved/relays.html.en> > [5] > https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html > <https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html> If the blocked IP ranges are going to become numerous, and change frequently, why not create a tool that volunteer relay operators can use to check an IP address? Tim (teor)
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev