Re: TOR on Academic networks (problem)
On May 16, 2006, at 8:47 PM, Joseph Lorenzo Hall wrote:
On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
10,000 IP addresses, or domain names? We only need to block the
The correct way is to put the IPs in a deny list in the config file.
This is not an option... I estimated using Netcraft's SearchDNS and
the regexes that Berkeley uses for their library proxy that this would
be an exit policy *on the order of* 10,000 entries long.
btw, how does the library proxy handle this much? I think Tor can do
regex matching on the ip/hosts.
I think the best thing is to use a nice tree for all directory
lookups. Something tells me Tor uses a slow linear search through the
file if it's not scaling O(lg n).
As Roger has made clear elsewhere, the current directory protocol
won't scale well with exit policies of this length (or really in
general) and it would be better for the network for these nodes to
operate a middleman node instead. This is why a few of us on dorky
academic networks are trying to find other solutions. best, Joe
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
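An added example, not part of the original thread and not Tor's own code: one way an exit operator could shrink a long per-address deny list before writing it into torrc, by merging adjacent addresses into CIDR blocks, plus a binary-search membership check over the merged list. The sample addresses are constructed from documentation ranges, the function names are hypothetical, and the sketch assumes IPv4 only.

```python
import bisect
import ipaddress

# Constructed sample: addresses resolved for hosts that must not be
# reachable through the exit (documentation ranges, not real sites).
SAMPLE_ADDRESSES = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",
    "192.0.2.1",                      # duplicate from a second hostname
    "192.0.2.8", "192.0.2.9",
    "198.51.100.7",
]


def collapse(addresses):
    """Merge single addresses into the fewest covering CIDR networks."""
    nets = (ipaddress.ip_network(a) for a in addresses)
    # collapse_addresses drops duplicates and joins adjacent blocks.
    return sorted(ipaddress.collapse_addresses(nets))


def exit_policy_lines(networks):
    """Render one torrc 'ExitPolicy reject' line per network, all ports."""
    return [f"ExitPolicy reject {net}:*" for net in networks]


def is_rejected(ip, networks):
    """O(log n) lookup over sorted, non-overlapping networks."""
    addr = int(ipaddress.ip_address(ip))
    starts = [int(n.network_address) for n in networks]
    # Find the last network starting at or before addr, then range-check.
    i = bisect.bisect_right(starts, addr) - 1
    return i >= 0 and addr <= int(networks[i].broadcast_address)


if __name__ == "__main__":
    merged = collapse(SAMPLE_ADDRESSES)
    print(f"{len(SAMPLE_ADDRESSES)} addresses -> {len(merged)} policy lines")
    for line in exit_policy_lines(merged):
        print(line)
```

How much the list shrinks depends on how contiguous the blocked addresses are; scattered hosts still cost one line each.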