Dear TOR block-list administrator,
If you are blocking TOR nodes primarily for IRC users, then you should be aware the TOR nodes are individually configurable as to which destinations they allow. Some TOR nodes don't allow *any* outgoing traffic -- they only act as middlemen between other TOR nodes.
Attached is an example perl script which can parse through tor exitpoint rules and show which nodes allow access to a particular port (say one of the IRC ports), and which nodes do not.
Currently, less than 60% of tor nodes allow outgoing connections to port 6667. By comparison, 67% allow outgoing connections to port 80, and none allows outgoing connections to port 25.
So I don't think a single list will cover all uses. Rather than disallowing connections from a system because it happens to be a TOR node, take into consideration what the exit policy is of the node.
regards, Valient
#!/usr/bin/perl -w
use strict;

# first (and only) argument should be a port number to look for
my $testPort = $ARGV[0] || die "Usage: tor-exitpoint <port number>\n";

# fetch tor server list from server
# this server was listed on the report page:
# http://www.noreply.org/tor-running-routers/
open(TOR, "wget -q http://tor.noreply.org:9030/ -O - |") || die "Can't open wget: $!";

# parse rules for each server..
# state 1: waiting for a router line; state 2: scanning that router's rules
my $state = 1;
my $routerName;
my $routerIP;
while(<TOR>)
{
    chomp;
    # a router line always starts a new entry, even when the previous
    # router had no rule matching the port (otherwise later rules would
    # be reported under the wrong router name)
    if(m#^router (.*) (\d+\.\d+\.\d+\.\d+)#)
    {
        #print "found router id line \"$_\"\n";
        # found router list
        $routerName = $1;
        $routerIP = $2;
        $state = 2;
    } elsif( $state == 2 && m#^(reject|accept) \*:(.*)# )
    {
        # $2 is port or port range (eg "110" or "1-1000")
        my $type = $1;
        my $startport = $2;
        my $endport = $2;
        if($startport =~ m#(\d+)-(\d+)#)
        {
            $startport = $1;
            $endport = $2;
        }
        if($startport eq "*" ||
            ( $startport <= $testPort && $endport >= $testPort ))
        {
            # rule matches; only the first matching rule counts
            #print "rule \"$_\" matches port $testPort\n";
            if($type eq "reject")
            {
                print "$routerName ($routerIP) rejects $testPort ($_)\n";
                $state = 1;
            } else
            {
                print "$routerName ($routerIP) accepts $testPort ($_)\n";
                $state = 1;
            }
        }
    }
}
close(TOR);
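An added example, not part of the original message or its attachment: the same first-match check extended to rules that name a destination address or network, so a block-list maintainer can ask whether a node's policy permits exits to one specific service. The node names, policies and server address are constructed, and treating a policy with no matching rule as "accept" is an assumption about the default.

```perl
use strict;
use warnings;
# Dotted-quad IPv4 -> 32-bit integer.
sub ip2int { return unpack("N", pack("C4", split(/\./, $_[0]))); }

# Address pattern: "*", "a.b.c.d", "a.b.c.d/bits" or "a.b.c.d/mask".
sub addr_matches {
    my ($pattern, $ip) = @_;
    return 1 if $pattern eq '*';
    my ($net, $bits) = split m{/}, $pattern;
    $bits = 32 unless defined $bits;
    my $mask = $bits =~ /\./ ? ip2int($bits)
             : $bits == 0    ? 0
             :                 (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (ip2int($ip) & $mask) == (ip2int($net) & $mask);
}

# Port pattern: "*", a single port, or a range such as "6660-6669".
sub port_matches {
    my ($pattern, $port) = @_;
    return 1 if $pattern eq '*';
    my ($lo, $hi) = $pattern =~ /^(\d+)(?:-(\d+))?$/ or return 0;
    $hi = $lo unless defined $hi;
    return $lo <= $port && $port <= $hi;
}

# First matching rule decides; no matching rule means accept (assumed default).
sub exit_allowed {
    my ($rules, $ip, $port) = @_;
    for my $rule (@$rules) {
        my ($verdict, $addr, $ports) = $rule =~ /^(accept|reject)\s+(\S+):(\S+)$/ or next;
        return $verdict eq 'accept' ? 1 : 0
            if addr_matches($addr, $ip) && port_matches($ports, $port);
    }
    return 1;
}

# Constructed sample policies (hypothetical node names, documentation addresses).
my %nodes = (
    middleman => [ 'reject *:*' ],
    webonly   => [ 'accept *:80', 'accept *:443', 'reject *:*' ],
    noirc_net => [ 'reject 192.0.2.0/24:6660-6669', 'accept *:*' ],
    general   => [ 'reject *:25', 'accept *:*' ],
);
# Hypothetical service being protected: an IRC server at 192.0.2.10:6667.
my ($server_ip, $server_port) = ('192.0.2.10', 6667);
for my $name (sort keys %nodes) {
    my $ok = exit_allowed($nodes{$name}, $server_ip, $server_port);
    printf "%-10s %s\n", $name, $ok ? "policy permits exits to this service" : "cannot exit to this service";
}
```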