Re: [tor-relays] Exitmap module to count CloudFlare CAPTCHAs

Subject: Re: [tor-relays] Exitmap module to count CloudFlare CAPTCHAs

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Mon, 21 Mar 2016 08:21:14 +1100

Delivery-date: Sun, 20 Mar 2016 17:21:55 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:message-id:references:to; bh=V7lzuR6otfahNih/Uk4R2I+pFDOP/Lgmu6DNnM6dtwQ=; b=O/MNN0YeQqf5K13PWL9JM0uWPvPpJ6U6DdgR5e1Yp/9LgctzprDX3piOy8Tcn3cbsF T7+iN/vxo0V8BnZr2I0lgrMHfwZFu2GZ0Af90tTUr/xY+Ewr77AczcvcOQnxp88OW41j TskP1YhGwV9ne4nkx4fkWXvw+Bcfek9tkZQLM2drqK0w9WbZYWnZszOOjxIMPH1J/gEw QcgzXOt7PZd7MMdVP5W261wgFXfOf7DtcZbt7f/MrFUlJdjJb0tTbIP8FPYqCcHn6S2C rCLMcpbTydJt/RYdwwr/6ixU0J9s1GIlaF8g3yBvE+S9TmHys7MMY1jTmLJbEhcC4f9o DYlw==

In-reply-to: <20160320170002.GB3211@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <20160320170002.GB3211@xxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 21 Mar 2016, at 04:00, Philipp Winter <phw@xxxxxxxxx> wrote:

I wrote an exitmap module [0] that can tell us how many exit relays see
a CloudFlare CAPTCHA when connecting to a given site.

First, I ran the module for coreos.com because it uses CloudFlare, but
the owner configured it to whitelist Tor. Indeed, only one out of 864
exit relays saw a CAPTCHA:
<https://atlas.torproject.org/#details/7DD29A65C370B86B5BE706EA3B1417745714C8AF>

Next, I ran the module for cloudflare.com, which does not seem to
whitelist Tor. 638 (75%) exit relays saw a CAPTCHA and 211 (25%)
didn't.

This looks great!

Do we know if CloudFlare's blocking depend on the remote website, or the website's CloudFlare settings?

Or does CloudFlare treat each Exit Relay the same regardless of which website it's accessing?

Their introductory marketing / documentation would seem to indicate it's global:

"Once CloudFlare identifies that there is a new attack, CloudFlare starts to block the attack for both the particular website and the entire community." [0]

Can the ExitMap module also record how many sites show CloudFlare's "_javascript_ Challenge" [1] ?

http://www.zdziarski.com (yes, only HTTP, ugh) uses their _javascript_ challenge.

And their "Totally Block Tor" [1] option? (only available to enterprise (paying?) customers)

I don't know of a CloudFlare website that blocks Tor entirely.

Thanks

Tim

[0]: https://www.cloudflare.com/features-security/ (URL likely unavailable from some Tor Exits.)

[1]: https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor- (URL likely unavailable from some Tor Exits.)

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays