[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Blocking child pornography exits

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Blocking child pornography exits
From: Ben Wilhelm <zorba-tor@xxxxxxxxxxxxx>
Date: Sat, 21 Jul 2007 06:42:04 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 21 Jul 2007 09:39:46 -0400
In-reply-to: <200707211020.l6LAK0Re003506@xxxxxxxxxxxxx>
References: <200707211020.l6LAK0Re003506@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Thunderbird/1.5.0.7 Mnenhy/0.7.4.0



Scott Bennett wrote:

> Not AFAIK. It blocks exits for whatever ports you tell it toblock exits> for. The sample torrc that comes with the package has severalexample lines> that you can uncomment or that you can simply use as examples forsyntax when> writing your own ExitPolicy statements. One of those may be an"ExitPolicy> reject *:25", but it starts out, IIRC, having only an "ExitPolicyreject *:*"> statement uncommented for those who want to dabble in running amiddleman-only

> server.

For quite a few versions, Tor has come with a significant number ofports blocked, including standard ports for email, exploits, and p2pfilesharing. I don't know if this is still the case, but if not, it'schanged recently.

The relevant code, which seems to still be active, starts at line 542 inpolicies.c, and I'll copy the exit policy itself and relevant comment in:


#define DEFAULT_EXIT_POLICY                                         \
  "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \
  "reject *:465,reject *:563,reject *:587,"                         \
  "reject *:1214,reject *:4661-4666,"                               \
  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"

/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
 * cfg doesn't end in an absolute accept or reject, add the default exit
 * policy afterwards. If <b>rejectprivate</b> is true, prepend
 * "reject private:*" to the policy. Return -1 if we can't parse cfg,
 * else return 0.
 */

So chances are that if you haven't explicitly added an absolute acceptor reject to the end of your cfg, you're blocking a large number ofports that the tor developers have decided they don't want on their network.

Last I heard, the tor developers did this solely to keep the networkusable, and not for moral reasons. But I may be wrong on that.Nevertheless, trying to block something as nebulous and illdefined as"child pornography" is obviously a far, far different thing than simplyblocking a pile of ports frequently used for p2p traffic. Tor doesn'teven try to recognize common p2p packets, so hey.


-Ben

References:
- Re: Blocking child pornography exits
  - From: Scott Bennett

Prev by Author: Re: Tor takes too much RAM
Next by Author: Re: Blocking child pornography exits
Previous by thread: Re: Blocking child pornography exits
Next by thread: Re: Blocking child pornography exits
Index(es):
- Author
- Thread