[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2

     On Tue, 10 Feb 2009 01:49:55 -0500 Nick Mathewson <nickm@xxxxxxxxxxxxx>
>On Mon, Feb 09, 2009 at 11:10:28PM -0600, Scott Bennett wrote:
> [...]
>>      I think it would be a useful modification for the authorities to be able
>> to flag IP addresses and address ranges with BadExit in addition to being
>> able to flag nicknames and key fingerprints.  That way, when a case like
>> "apple" arises, its career could be greatly hindered by flagging the /24's
>> of their ISPs. 
>Internally, this ability exists.  In the relevant configuration file,
>authority operators can mark entire IP ranges as BadExit.  This
>doesn't get propagated to the consensus; instead, they automatically
>vote for any OR that shows up in a marked IP range as being BadExit.
>The result's the same, but the client code and the consensus format
>get to stay a little simpler.
     That's very good news.  I gather that that ability involves one
or more of the various undocumented torrc statements.  Is there any
way for an individual tor user to take the initiative by excluding
nodes/exits by IP address or address range?  I would very much like
to exclude all the /24s that I can see that "apple" has used, for

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *