[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

A way to allow firewalled exit nodes [Was: Re: getting more exit nodes]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I think that adding a "firewall-piercing" rendezvous-type system (like
STUN, or I2P's SSU) to allow heavily-firewalled nodes to act as exits -
ON A STRICTLY VOLUNTARY BASIS (i.e., off by default) - might be a nice
feature.

I can think of one potential problem, though - I don't know if such a
firewalled exit could be reliable, from the client POV. The problem
isn't so much from the general way connections are made on the Net, as
it is in the trust-no-one model of how onions are formed.

It's possible, but to preserve both the encryption from the injection
into the Tor clould to the exit node, and the TNO model, here's what
we're looking at:

1.) A firewalled node - we'll call it Router X -  opens a number of
connections (the more the merrier, since it will complicate traffic
analysis) - to non-Guard and non-Exit nodes; we'll call these Routers A-M.

2.) Router X would publish an extended server descriptor, which would
include the list of nodes it's meshed with - in this case, Routers A-M.

3.) If a client, choosing nodes randomly, includes a firewalled node, it
would take that published list into account, so that it wouldn't put
adjacent layers on the onion that couldn't be handled by its neighbors.
(So, the client couldn't put a layer for Router Z right over Router X,
because Router Z wouldn't be able to contact Router X.)

4.) So, let's say the client layered an onion to pass from some random
Router Y --> Router A --> Router X. When the transfer starts, Router X
can act as an exit, even though it's firewalled.

***

It's an interesting solution from a pure hackery point-of-view; however,
the Occam's Razor part of me seriously questions whether it'd be worth it.

For one, we'd be talking about a serious overhaul of some code; in
particular:

1.) The directory protocols would have to allow for these extended
descriptors;

2.) The client code would have to take the meshes of firewalled exits
into account;

3.) Of course, the server code would have to allow for a firewalled exit
 option.

I thought I'd throw it out there, just for the hell of it - but my
personal opinion is, Tor is actually working far better than I had
expected. It's improved over the past year or so, and I don't think a
solution like this would be worth either the work, or the potential risk
of new bugs or attacks it could open up.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSBZpLOj8TXmm2ggwAQhQqQ/5ASXel2t4ISJ+F3uC9Fn+FOp0LYSZjsq9
SgrxrWe4OEXPL1cD+cOVYXDi1+WHQPIMuu4UAJ59oNVDraQ0yv79OOW1xQb6JITY
MdjhPOwUsznaVs3D1/dhG/UUAHVfrlavfjUCbVWAMdDLONvrR35hBxkaBLaZ0mJ+
90EbtL9U91L2/ty0adAydJRxXWwmqm5nphXneLyJrLj5hVQUB0BPL792DDQi2uXH
M4bIpdcCqQWgzZKlONjWOIGHruvcQoe20fPFRE8wYcU5NwqY0puKtuCPd6+tWUBw
APY7uMBPANGzGnx4DTaMzHVkykeEeiFmjQJfrqcouQerqABQi5MZ7Uvmx/uJMvpI
FO7cgnWHOxkmNAmym8aVLkvyIVcXa87+eFBp9cUnnUxLSxd9u9SKw7nF6R/tqou/
c59ZqmzvcfmcssbXzOG0UgJrRYljPbKpyFsOkTs0Jp2defzXVs0cNpvFfieQB4MH
QueBK8YHE3G/7K+Hjsfs47pPJjXOuydcPLob1k0FeetuCZ28YxqDmmbIQoJHHyZM
CE93cKmmMgma5NOBp0XoT+e+lMMO2q5vbOlVb6DoZ2so5YTOXuhunslybO7GiMyM
XryOcPZisWLSKt7N1X2IYQwHdQTlRM46tntSF+PnitN3JCS6ZOjVSjbJccOjn79h
v9PaiFK8Aag=
=nnXu
-----END PGP SIGNATURE-----