
Re: Is this a Tor exit node connecting to me?



On Sun, 25 Mar 2007 12:22:12 -0700 Matt Ghali <matt@xxxxxxxxx> 
wrote:
>On Sun, 25 Mar 2007, Joseph B. Kowalski wrote:
>
>> On Sun, 25 Mar 2007 03:20:10 -0700 Pei Hanru <peihanru@xxxxxxxxx> wrote:
>
>>> A small issue. When I query the DNSBL server for my slow,
>>> middleman only (reject *:*) server, it returns 127.0.0.2.
>>> Is it a good idea to include non-exit Tor servers in this
>>> list?
>>>
>>
>> Yes, since when you are performing the first type of query,
>> you are simply asking whether an IP address is an active
>> Tor server or not, of any kind. Now, if anyone wanted to
>> see if your Tor server would exit to their location or not,
>> they could perform the second type of query (See my
>> original post for details on the two query types, if
>> necessary), which, in your case, would always return
>> NXDOMAIN since you don't allow any exiting.
>
> Please consider returning a different A record for the first
> query type to allow differentiation between exit nodes and
> middlemen. Returning 127.0.0.2 for exit nodes and 127.0.0.3
> for middleman nodes will allow sendmail dnsbl configurations
> to easily do the 'right' thing.


Hi Matto,


Differentiation between exit nodes and middlemen is exactly what
the first query type is NOT designed to do, and exactly what the
second query type IS designed to do since, as the Tor volunteer
page I quoted in my original post states "...being an exit server
is not a boolean..." Saying that "Tor server X is an exit server"
is exactly what we're attempting to get away from here, as that
is really not a valid statement unless Tor server X actually 
allows exit to every IP on every port. Assuming it does not, then
Tor server X is an exit from the perspective of some and not an
exit from the perspective of others, hence the second query type.

As a matter of fact, there really is not much reason to have the
first query type at all; I mainly just did it 'cause I thought it
would be a neat feature. In fact, unless I'm
misunderstanding your comment, the second query type would be
well suited for the example you give, which is "allow sendmail
dnsbl configurations to easily do the 'right' thing". I'm
presuming you are saying that you have a sendmail server running
that would like to determine if the machine making a connection
to it is a Tor server that would allow exiting to it. In this
case, the second query type will provide exactly that information.
Knowing that the machine connecting to you is STRICTLY a Tor
'middleman' node is useless, I would think, since in that case
I would imagine it would be getting treated the same as any other
Internet machine making a connection (Again, unless I'm missing
something here).


Hope that helps, and let me know if I'm missing something...



Best regards,


Joe Kowalski
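
An added illustration (not code from this thread or from the DNSBL service it discusses) of why the same relay can be listed by the first query type yet return NXDOMAIN for the second: the answer depends on the destination the exit policy is evaluated against. The relay addresses and policies are constructed samples, the function names are hypothetical, and 127.0.0.2 as the positive answer for the second query type is an assumption, since the message only states its NXDOMAIN case.

```python
import ipaddress

# Constructed sample data: relay IP -> ordered exit policy (first match wins).
RELAYS = {
    "192.0.2.10": ["reject *:*"],                                  # middleman
    "192.0.2.20": ["accept *:80", "accept *:443", "reject *:*"],   # web only
    "192.0.2.30": ["reject 198.51.100.0/24:*", "reject *:25", "accept *:*"],
}
LISTED = "127.0.0.2"   # positive answer; assumed for the second query type
NXDOMAIN = "NXDOMAIN"

def _addr_matches(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def policy_allows(policy, dest_ip, dest_port):
    """Walk the rules in order; the first one that matches decides."""
    for rule in policy:
        action, pattern = rule.split()
        addr_spec, _, port_spec = pattern.rpartition(":")
        if _addr_matches(addr_spec, dest_ip) and _port_matches(port_spec, dest_port):
            return action == "accept"
    return True  # Tor accepts when no rule matches; not reached by the samples

def query_type1(client_ip):
    """First query type: is client_ip an active Tor server of any kind?"""
    return LISTED if client_ip in RELAYS else NXDOMAIN

def query_type2(client_ip, dest_ip, dest_port):
    """Second query type: would client_ip exit to dest_ip:dest_port?"""
    policy = RELAYS.get(client_ip)
    if policy is not None and policy_allows(policy, dest_ip, dest_port):
        return LISTED
    return NXDOMAIN

if __name__ == "__main__":
    mail_server = ("203.0.113.25", 25)   # constructed SMTP listener
    for ip in list(RELAYS) + ["192.0.2.99"]:  # last one is not a relay
        print(ip, query_type1(ip), query_type2(ip, *mail_server))
```

For the constructed mail server on port 25, all three sample relays are listed by the first query type but none by the second, which is the case a mail filter would act on.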