Then still you gain nothing by blocking tor nodes which do not allow any outgoing connections. There should be no technical reason to block hosts with no exitpoints. That should be easy to fix, and it doesn't require separate lists.
If you are blocking TOR nodes primarily for IRC users, then you should be aware the TOR nodes are individually configurable as to which destinations they allow. Some TOR nodes don't allow *any* outgoing traffic -- they only act as middlemen between other TOR nodes.
Yes, I am aware of the ability to restrict what traffic the nodes allow.
We actually have more than just IRC users using this right now - we've
got a prototype setup with a Usenet server, as well as several web hosts
restricting certain web pages/sites with the list (for things like
whois lookups, SSL transactions), which is why it lists all nodes and
not just some (each list we load into our servers uses up resources,
so we try to limit our lists as specifically as we can).
It's up to the users themselves to figure out how to properly use the
list. However, I will personally yell at any individual who uses this
list for SMTP blocking, since it is bound to cause false positives.
I'd say it is guaranteed to cause false positives the way it is now. 100% false positives for SMTP as of a couple hours ago when I last checked -- there were a total of 0 tor nodes that allowed exit to SMTP ports.
On the flip side, anyone who runs this kind of service on a server
that does other things like SMTP, needs to honestly reevaluate this
choice, as it is guaranteed to cause problems with the other services
once abuse starts spewing from the node.
This kind of service.. Sounds like an evil group. Maybe we could call them 'red commie bastard' servers for greater effect. Tor and SMTP are entirely separate, even if they come from the same IP address.
I have nothing against TOR
itself - it's a nifty idea, but it's already started causing me stress
from dealing with the abuse on irc.
I had a talk with someone from one of the IRC servers recently because they were getting unwanted traffic from my tor server as an endpoint. The person reporting the problem had suggested that I block IRC ports or else my server would get blocked by his network. But the way I see it is that there are hundreds of IRC networks, and blocking access to all IRC ports would be dumbing down the connection options to whatever the least tolerant network wanted. I'd rather see my node blocked by IRC networks that don't want anonymous traffic, because I expect that there will be some that do allow it!
regards, Valient
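The per-node exit policy point discussed in this thread, as an added example that is not part of the original messages: a service operator can evaluate each relay's exit policy against their own address and port, and list only the relays that can actually reach them. The function names and the sample relays (documentation addresses) are constructed for illustration; the policy lines are assumed to use Tor's `accept|reject ADDR[/MASK]:PORT[-PORT]` syntax, IPv4 only.

```python
import ipaddress

def parse_policy(lines):
    """Parse ordered exit-policy rules into (accept, network, lo, hi) tuples."""
    rules = []
    for line in lines:
        action, pattern = line.split()
        addr, _, ports = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action == "accept", net, lo, hi))
    return rules

def allows_exit(rules, dest_ip, dest_port):
    """First matching rule wins, as in an ordered exit policy."""
    ip = ipaddress.ip_address(dest_ip)
    for accept, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return accept
    return True  # assumption of this example: no matching rule means accept

def blocklist_for(relays, dest_ip, dest_port):
    """Relay addresses whose policy lets them exit to dest_ip:dest_port."""
    return sorted(ip for ip, policy in relays.items()
                  if allows_exit(parse_policy(policy), dest_ip, dest_port))

# Constructed sample relays, not real nodes.
RELAYS = {
    "192.0.2.10": ["reject *:*"],                                  # middleman only
    "192.0.2.20": ["reject *:25", "accept *:6667", "reject *:*"],  # IRC exit
    "192.0.2.30": ["reject *:25", "reject *:6660-6669", "accept *:*"],
    "192.0.2.40": ["accept 203.0.113.0/24:6667", "reject *:*"],    # one network only
}

if __name__ == "__main__":
    print("IRC 198.51.100.7:6667 ->", blocklist_for(RELAYS, "198.51.100.7", 6667))
    print("SMTP 198.51.100.7:25  ->", blocklist_for(RELAYS, "198.51.100.7", 25))
```

A list built this way per service leaves the middleman relay out entirely and comes back empty for SMTP when no relay permits exit to port 25.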