[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Making TOR exit-node IP address configurable

On Wed, 09 Mar 2011 19:23:15 +0100
"Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx> wrote:

> i've been thinking and playing a lot about the various possible risk
> mitigation scenarios for TOR exit node maintainer.
> Now i need to be able to pass all web traffic trough a transparent proxy
> in order to implement some kind of filters to prevent specific
> web-attacks, web-bruteforce, etc, etc
> One very interesting feature that's now missing from TOR and that would
> need to implement such kind of proxying is to be able to bind the
> TOR-exit traffic to a specific IP address.
> That way would be possible to "mark" with iptables the TOR exit traffic
> and just mangle this.
> That kind of added feature would also allow a TOR exit node to re-route
> the TOR exit traffic go away trough multiple interface in round-robin
> for example, for multi-homed TOR routers.
> Sounds to me like a small patch, but frankly speaking i'm not a c-coder.
> Some volunteer?

Try running "man tor |grep -C5 OutboundBindAddress".

But I'm not surprised that someone who wants to perform content
censorship on a Tor exit node is too clueless to find that Tor
configuration option, or to find out that iptables can apply different
rules to the user ID under which Tor is running.

Robert Ransom

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list