Re: Exit node blocking site?



On Sun, Feb 19, 2006 at 04:28:33PM -0500, Michael Holstein wrote:
> I actually block access to groups.google.com and groups.l.google.com by 
> putting them as 127.0.0.2 in /etc/hosts -- but I noticed that TOR is 
> smart enough to notice that the address will resolve to an IP prohibited 
> by the exitpolicy, and not even try.

Right now you're degrading service for other Tor users that try to go to
groups.google.com, because you trick them into thinking that it resolves
to something else. Also (and you'll perhaps be more motivated by this), if
the user resolves the address into an IP first, you're not blocking that.

The better answer is to change your exit policy to reflect the addresses
and ports that aren't reachable from your server. Then clients will
learn it from your descriptor and not even try to exit from you.

--Roger
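
An added illustration, not part of the original message and not Tor's own code: a simplified first-match-wins evaluation of exit policy lines, showing why a rule keyed on the destination IP still applies when the user has already resolved the name. The 192.0.2.0/24 range is a constructed placeholder for the unreachable addresses, the function names are hypothetical, and treating an unmatched request as rejected is an assumption of this sketch.

```python
import ipaddress

# Constructed sample policy. 192.0.2.0/24 is a documentation range standing in
# for the addresses this relay cannot reach; it does not come from the thread.
SAMPLE_POLICY = """\
reject 192.0.2.0/24:*
accept *:80
accept *:443
reject *:*
"""

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern = line.split()
        addr, _, ports = pattern.rpartition(":")
        # '*' as the address matches every destination.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = ports.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((action, net, lo, hi))
    return rules

def exit_allowed(rules, ip, port):
    """Return True if the first rule matching ip:port is an accept rule."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action == "accept"
    # Assumption of this sketch: nothing matched, so treat it as rejected.
    return False

if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    # The decision depends only on IP and port, so it holds whether or not
    # the client resolved the hostname itself before building the circuit.
    for ip, port in [("192.0.2.15", 80), ("198.51.100.7", 443), ("198.51.100.7", 25)]:
        print(ip, port, "accept" if exit_allowed(rules, ip, port) else "reject")
```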