
Re: Fetching only Exit nodes



On Thu, May 31, 2007 at 09:15:18AM -0700, Mr. Blue wrote:
> I am using tor 1.1.26

You might want to stop that; 0.1.2.x has a lot of security
improvements.
 
> So...,
> Whenever my script detects change of MD5 value of
> cached-routers,
> it clears DB and by using regular expression it fills DB
> with nodes.
> 
> Now..., 
> I decided I want to have only exit nodes in DB and not
> all of them.
> 
> After looking at one already made script I saw that it
> connects to Tors control port and uses:
> "GETINFO ns/all \r\n";
> for getting that kind of info (and many more).
> 
> Problem is because tor 1.1.26 doesn't have it.
> I've tried with "GETINFO network-status \r\n", but
> nada!
> ... and ALL other possible values to Tor.

Right. 0.1.1.x is old.... though getinfo network-status *does* work
for me there.  It doesn't use the same format, though, and it can't
tell you what is an exit node.

You _could_ arrange for a long-running script to be notified of all
new descriptors as they arrive by using SETEVENTS to listen for
NEWDESC  events, but I'm not sure that's what you want.

> 
> Now because this script isn't of use to me I guess, I am on my own.
> 
> I will continue to get that data from cached-routers
> file.
> Now....
> 
> reject 0.0.0.0/8:*
> reject 169.254.0.0/16:*
> reject 127.0.0.0/8:*
> reject 192.168.0.0/16:*
> reject 10.0.0.0/8:*
> reject 172.16.0.0/12:*
> accept *:80
> accept *:443
> reject *:*
> 
> is absolutely same like:
> 
> reject *:*
> 
> Is that correct?

No.  The former rejects all addresses in private networks; accepts
port 80, and port 443; and rejects everything else.

The latter just rejects everything.

HTH,
-- 
Nick Mathewson
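
Added example, not part of the original message or of Tor's code: a small first-match evaluator for the two exit policies quoted above, showing that they differ and how a script reading cached-routers could tell an exit from a non-exit. The function names, the probe address 203.0.113.10 and the "accept when nothing matches" fallback are assumptions made for this sketch.

```python
import ipaddress

# The two policies quoted in the message above.
POLICY_A = """\
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
accept *:80
accept *:443
reject *:*
"""
POLICY_B = "reject *:*\n"

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, pattern = line.split()
        addr, _, port = pattern.rpartition(":")
        # '*' means any address; otherwise a single IP or a CIDR block.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            ports = (1, 65535)
        else:
            lo, _, hi = port.partition("-")   # single port or LO-HI range
            ports = (int(lo), int(hi or lo))
        rules.append((action == "accept", net, ports))
    return rules

def allows(rules, ip, port):
    """Rules are checked in order; the first matching rule decides."""
    addr = ipaddress.ip_address(ip)
    for accept, net, (lo, hi) in rules:
        if (net is None or addr in net) and lo <= port <= hi:
            return accept
    return True  # assumption: a policy with no matching rule accepts

def is_exit(rules, probe_ip="203.0.113.10"):
    """Heuristic: some accept rule is reachable for a public (constructed) address."""
    return any(accept and allows(rules, probe_ip, lo)
               for accept, _net, (lo, _hi) in rules)
```

Filtering on `is_exit` alone keeps any relay that exits to at least one port; a script that cares about specific destinations should call `allows` with the address and port it needs.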
