On 11/4/14, Lars Boegild Thomsen <l...@reclaim-your-privacy.com> wrote:
> ...
> I will definitely look into this one. This should be quite easy to
> implement by messing a bit with the firewall tables :)
>
> Only problem I see is that to make it useful I think it would have to time
> out at some point.

in the past i have used OUI prefix lists to avoid known bad behavior.
(this doesn't work if a device is spoofing MAC of course, but in that
case they are probably savvy :)

https://standards.ieee.org/develop/regauth/oui/oui.txt

a few hundred prefixes to opt-in safe (captive unless masked avoid),
half that to fail open on occasion (default no captive unless known
usable)

> Number of wireless networks are not an issue so I _am_ beginning to think
> that more than two is necessary. For example:
>
> 1. Open - Open network - no Tor
> 2. Transparent proxy - all tcp traffic allowed - forced through Tor -
> everything on separate circuits - captive warning
> 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who
> know what they are doing)
> 4. Isolating proxy - only https allowed - forced through Tor - everything on
> separate circuits and everything else blocked

the timeout behavior, perhaps you could detect "brain-dead re-attempt
repeat" behavior for this duration, and then let through instead.

this came up in past discussions about a device that is simply
connected but idle, not yet seen by human. and a device that is
headless dumb, like your media player.

more feedback when i have time. thanks again for the open discussion!

best regards,

--
tor-talk mailing list - tor-talk@lists.torproject.org
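
The OUI prefix-list idea from the message above, as an added example that is not code from the thread or from any project discussed in it. It assumes the two list modes mean "captive by default, listed prefixes skip the portal" and "no captive by default, listed prefixes get the portal"; the function names, prefixes and vendor names are constructed for illustration.

```python
import re

# Constructed sample in the "(hex)" line layout of IEEE oui.txt.
# Prefixes and vendor names are made up, not real assignments.
SAMPLE_OUI_TXT = """\
00-11-22   (hex)\t\tExample Media Player Co
001122     (base 16)\t\tExample Media Player Co
00-AA-BB   (hex)\t\tExample Laptop Co
00-CC-DD   (hex)\t\tExample Media Player Co
"""

HEX_LINE = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}-){2}[0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$")

def parse_oui(text):
    """Map 6-hex-digit prefix -> vendor name from oui.txt-style text."""
    table = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            table[m.group(1).replace("-", "").upper()] = m.group(2)
    return table

def normalize(mac):
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def locally_administered(mac):
    """True when the U/L bit is set, so the prefix is not a vendor OUI."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def prefixes_for(table, vendors):
    """Prefixes registered to any of the given vendor names."""
    return {p for p, v in table.items() if v in vendors}

def decide(mac, listed, default):
    """Return 'captive' or 'no-captive'; only a listed vendor prefix flips the default."""
    other = "no-captive" if default == "captive" else "captive"
    if locally_administered(mac):
        return default  # randomized or self-assigned MAC: prefix says nothing
    return other if normalize(mac)[:6] in listed else default
```

A changed MAC that copies a listed vendor prefix still matches, which is the spoofing limitation the message points out; only locally administered addresses are caught by the U/L-bit check.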