
tor block list




Dear TOR block-list administrator,

If you are blocking TOR nodes primarily for IRC users, then you should
be aware the TOR nodes are individually configurable as to which
destinations they allow.  Some TOR nodes don't allow *any* outgoing
traffic -- they only act as middlemen between other TOR nodes.

Attached is an example perl script which can parse through tor exitpoint
rules and show which nodes allow access to a particular port (say one of
the IRC ports), and which nodes do not.

Currently, less than 60% of tor nodes allow outgoing connections to port
6667.  By comparison, 67% allow outgoing connections to port 80, and
none allows outgoing connections to port 25.

So I don't think a single list will cover all uses.  Rather than
disallowing connections from a system because it happens to be a TOR
node, take into consideration what the exit policy is of the node.

regards,
Valient

#!/usr/bin/perl -w

use strict;

# first (and only) argument should be a port number to look for
my $testPort = $ARGV[0]
    || die "Usage: tor-exitpoint <port number>\n";

# fetch tor server list from server
# this server was listed on the report page:
# http://www.noreply.org/tor-running-routers/
open(TOR, "wget -q http://tor.noreply.org:9030/ -O - |")
    || die "Can't open wget: $!";

# parse rules for each server..
my $state = 1;
my $routerName;
my $routerIP;
while(<TOR>)
{
    chomp;
    # dots are escaped so that only a dotted-quad address matches
    if($state == 1 && m#^router (.*) (\d+\.\d+\.\d+\.\d+)#)
    {
	#print "found router id line \"$_\"\n";
	# found router list
	$routerName = $1;
	$routerIP = $2;
	$state = 2;
    } elsif( $state == 2 && m#^(reject|accept) \*:(.*)# )
    {
	# $2 is port or port range (eg "110"   or  "1-1000")
	my $type = $1;
	my $startport = $2;
	my $endport = $2;

	if($startport =~ m#(\d+)-(\d+)#)
	{
	    $startport = $1;
	    $endport = $2;
	}

	if($startport eq "*" ||
	    ( $startport <= $testPort && $endport >= $testPort ))
	{
	    # rule matches
	    #print "rule \"$_\" matches port $testPort\n";
	    if($type eq "reject")
	    {
		print "$routerName ($routerIP) rejects $testPort ($_)\n";
		$state = 1;
	    } else
	    {
		print "$routerName ($routerIP) accepts $testPort ($_)\n";
		$state = 1;
	    }
	}
    }
}

close(TOR);

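The following is an added example, not part of the original message or its attachment. It goes beyond the script above by also evaluating rules with an address or address/mask (which the script skips), so a block-list maintainer can ask whether a node's exit policy allows a connection to one specific server address and port. The router names, addresses and rules in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample descriptors (router names, addresses and rules are made up).
SAMPLE = """\
router middleman 192.0.2.10 9001 0 0
reject *:*
router webonly 192.0.2.20 9001 0 9030
reject 10.0.0.0/255.0.0.0:*
accept *:80
reject *:*
router ircfriendly 192.0.2.30 9001 0 0
reject 198.51.100.0/24:*
accept *:6660-6669
reject *:*
"""

def rule_matches(pattern, dest_ip, dest_port):
    """True if ADDR[/MASK]:PORT covers dest; MASK may be /24 or /255.255.255.0."""
    addr, _, ports = pattern.rpartition(":")
    if addr != "*":
        net = ipaddress.ip_network(addr, strict=False)
        if ipaddress.ip_address(dest_ip) not in net:
            return False
    if ports == "*":
        return True
    low, _, high = ports.partition("-")
    return int(low) <= dest_port <= int(high or low)

def parse_policies(text):
    """Map router name -> (ip, ordered list of (action, pattern))."""
    routers, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "router":
            current = routers.setdefault(fields[1], (fields[2], []))
        elif len(fields) == 2 and fields[0] in ("accept", "reject") and current:
            current[1].append((fields[0], fields[1]))
    return routers

def exit_allowed(rules, dest_ip, dest_port):
    """First matching rule wins; assumption: 'accept' when no rule matches."""
    for action, pattern in rules:
        if rule_matches(pattern, dest_ip, dest_port):
            return action == "accept"
    return True

def exits_to(text, dest_ip, dest_port):  # IPs of routers that can reach dest
    return sorted(ip for ip, rules in parse_policies(text).values()
                  if exit_allowed(rules, dest_ip, dest_port))
```

Calling `exits_to(SAMPLE, "203.0.113.5", 6667)` returns only the node whose policy accepts that port for that address, which is the set a per-service block list would need.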