Re: TOR Blocked at Universities

On Thu, Feb 11, 2010 at 04:20:49PM -0500, Flamsmark wrote:
> On 11 February 2010 16:17, Michael Holstein <michael.holstein@xxxxxxxxxxx> wrote:
> > Let's not debate the stupidity of authenticating a network by IP address
> > .. but the above problem is ultimately what forced us to do the same
> > thing (although we just prohibit the operation of an exit). I should
> > note that the original effort to run an exit was conducted by myself,
> > and I do network security here .. but it was the complaints from the
> > library folks that got us into hot water .. there simply wasn't an easy
> > way to block access to all of them without an overly-complex exit
> > policy, and all of our IP space is within a single /16.
> Why couldn't your exit policy just block the IPs of the journal sites?

Or more generally, just block *:80?

It's not the best answer I could hope for, but it's sure better than
not being an exit relay at all.

A more general approach would be to get a DMZ address, meaning somewhere
in your university address space that hasn't been whitelisted by the
libraries. That concept might not exist at your university though --
yet :).
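
Added example, not part of the original message: a simplified Python model of first-match exit policy evaluation, comparing the two suggestions in this thread (rejecting the journal sites' addresses versus `reject *:80`). The journal networks are constructed placeholders from the RFC 5737 documentation ranges, and the parser assumes only IPv4 `ADDR[/MASK]:PORT` patterns.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), not real journal sites.
JOURNAL_NETS = ["192.0.2.0/24", "198.51.100.0/24"]

# Suggestion 1: reject only the journal sites, allow everything else.
PER_SITE = [f"reject {net}:*" for net in JOURNAL_NETS] + ["accept *:*"]
# Suggestion 2: reject port 80 everywhere, allow everything else.
NO_WEB = ["reject *:80", "accept *:*"]


def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK]:PORT' (a subset of the ExitPolicy syntax)."""
    action, pattern = rule.split()
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    elif "-" in port:
        lo, hi = (int(p) for p in port.split("-"))
    else:
        lo = hi = int(port)
    return action, net, lo, hi


def exit_allowed(policy, ip, port):
    """Rules are checked in order and the first match wins.

    Assumption of this sketch: a destination matching no rule is rejected.
    """
    target = ipaddress.ip_address(ip)
    for action, net, lo, hi in map(parse_rule, policy):
        if (net is None or target in net) and lo <= port <= hi:
            return action == "accept"
    return False


if __name__ == "__main__":
    for name, policy in (("per-site", PER_SITE), ("no-web", NO_WEB)):
        for ip, port in (("192.0.2.10", 80), ("192.0.2.10", 443), ("203.0.113.5", 80)):
            print(name, ip, port, "allow" if exit_allowed(policy, ip, port) else "reject")
```

The per-site policy depends on the address list staying complete, while `reject *:80` needs no list but still permits port 443 to the same hosts.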


