
Re: Is "gatereloaded" a Bad Exit?




On 29.01.2011 20:13, Jon wrote:
> On Sat, Jan 29, 2011 at 12:46 PM, Jan Weiher <jan@xxxxxxxx> wrote:
>> Hi,
>>
>> while scrolling through the tor status page (torstatus.blutmagie.de), I
>> stumbled upon the following node (the reason why it came to my eye was
>> the long uptime):
>>
>> gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92
>>
>> This node looks suspicious to me, because there is no contact info given
>> and the exit policy allows only unencrypted traffic:
>>
>> reject 0.0.0.0/8:*
>> reject 169.254.0.0/16:*
>> reject 127.0.0.0/8:*
>> reject 192.168.0.0/16:*
>> reject 10.0.0.0/8:*
>> reject 172.16.0.0/12:*
>> reject 194.154.227.109:*
>> accept *:21
>> accept *:80
>> accept *:110
>> accept *:143
>> reject *:*
>>
>> Am I missing something? I'm wondering why the status page lists this
>> node as non-exit, because it clearly allows outgoing traffic on ports
>> 21,80,110 and 143?
>> I'm aware of the fact that it is not recommended to use tor without
>> additional encryption, but some users do. And I don't see any reason for
>> only allowing unencrypted traffic than snooping?
>> Can anyone clarify this? If the admin of this node is on the list,
>> would he please explain this situation?
>>
>> best regards,
>> Jan
> 
> 
> It may possibly be a middle node instead of an exit node.
> 

As far as I understand the ExitPolicy, the first matching rule applies.
Which means that this is an Exit Node, at least for ports 21,80,110 and
143 to IP addresses that do not match the reject rules above the
corresponding accept rules. Anyone is free to correct me if I'm wrong,
but a middle node has only _one_ ExitPolicy which is "reject *:*".

best regards,
Jan
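
The first-match evaluation discussed in this thread, applied to the quoted policy, as an added example that is not part of the original messages and is not Tor's own code. It handles IPv4 only; treating "no rule matched" as reject is an assumption of this sketch, and 203.0.113.10 in the usage below is a constructed documentation address.

```python
import ipaddress

# Exit policy exactly as quoted in the thread.
POLICY = """\
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 194.154.227.109:*
accept *:21
accept *:80
accept *:110
accept *:143
reject *:*
"""

def parse_rule(line):
    """Split 'accept|reject ADDR[/BITS]:PORT' into (action, network, (lo, hi))."""
    action, pattern = line.split()
    addr, port = pattern.rsplit(":", 1)
    net = None if addr == "*" else ipaddress.ip_network(addr)  # None = any address
    if port == "*":
        ports = (1, 65535)
    else:
        lo, _, hi = port.partition("-")       # single port or LO-HI range
        ports = (int(lo), int(hi or lo))
    return action, net, ports

def parse_policy(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def exit_allowed(rules, ip, port):
    """The first matching rule decides; later rules are never consulted."""
    target = ipaddress.ip_address(ip)
    for action, net, (lo, hi) in rules:
        if (net is None or target in net) and lo <= port <= hi:
            return action == "accept"
    return False  # assumption of this sketch: no match is treated as reject

def open_ports(rules, ip, candidates):
    """Ports from `candidates` that the policy lets exit to `ip`."""
    return [p for p in candidates if exit_allowed(rules, ip, p)]

RULES = parse_policy(POLICY)
```

Calling `open_ports(RULES, "203.0.113.10", [21, 22, 25, 80, 110, 143, 443, 993, 995])` returns `[21, 80, 110, 143]`: the cleartext FTP, HTTP, POP3 and IMAP ports are allowed out, while HTTPS, IMAPS and POP3S are not.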