[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is this a Tor exit node connecting to me?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Is this a Tor exit node connecting to me?
From: Matt Ghali <matt@xxxxxxxxx>
Date: Tue, 27 Mar 2007 12:58:10 -0700 (PDT)
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 27 Mar 2007 15:58:31 -0400
In-reply-to: <20070326210638.GI28282@moria.seul.org>
References: <20070326010018.BA352DA842@mailserver7.hushmail.com> <20070326210638.GI28282@moria.seul.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Mon, 26 Mar 2007, Roger Dingledine wrote:

Matt, can you let us know if setting up sendmail with the
relative-to-your-IP-address approach is just as easy? Are there common
situations where it would make things harder?

While sendmail's default dnsbl() FEATURE, as well as Spamassassin's check_rbl_sub() do not have the flexibility to append the port information to the query (IE, seeing if the connecting host is in the list _and_ is allowing exits onport 25), it could possibly be easy to add similar functions that do.

The problem is that they aren't shipped by default, and the dnsbl lookup functions that do will likely be (ab)used to check the tor dnsbl and make decisions based on simply whether a host is present.

Possibly the easiest and friendliest way to cope would be to provide additional dnsbl views by port for interesting ports; perhaps zones such as 25.exit.dnsbl.zone or 80.exit.dnsbl.zone. This would allow existing software to easily perform a lookup without risking the binary good/bad problem.

And while I'm asking, we could imagine setting up a dnsbl that looks
at what IP address is asking the question, and answers relative to that
address. Thus people in Matt's situation could just plug it in, and it
would internally do what we all mean.

Not sure what's relative to the query source here. We're presumably looking to see if a host is a tor node and whether it's policy allows exit of an arbitrary port, right? None of that AFAIK is dependent on who's asking.

I can see some downsides though --
if the client querying the dnsbl is on a very different address than
the service, or if proxying dns queries (or passing recursive queries)
is commonplace. I suspect a few 'no, that wouldn't work' responses should
be sufficient to discard this paragraph. :)


It would also be computationally hard :)

matto

--matt@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx<darwin><
  Moral indignation is a technique to endow the idiot with dignity.
                                                - Marshall McLuhan

References:
- Re: Is this a Tor exit node connecting to me?
  - From: Joseph B. Kowalski
- Re: Is this a Tor exit node connecting to me?
  - From: Roger Dingledine

Prev by Author: Re[2]: Free Software and Torpark (was: Ultimate solution)
Next by Author: Re: Building tracking system to nab Tor pedophiles
Previous by thread: Re: Is this a Tor exit node connecting to me?
Next by thread: Re: Is this a Tor exit node connecting to me?
Index(es):
- Author
- Thread