
Re: [tor-talk] Blocking Shadowserver honeypots

> Would it make me a Bad Exit if I would block these hosts with iptables
> instead?

That would be up to the authority operators, but probably not. If you
have contact info set on the relay then we'd ask what's up before
setting the BadExit flag.

Blocking destinations via iptables is definitely less desirable than
doing it via the exit policy since the former doesn't inform Tor
clients that you're unwilling to handle the traffic (the connections
simply fail). That said, if you both included the current honeypots
in your exit policy *and* an iptables rule to cover any future
sinkhole IPs, I'd highly doubt anyone would mind (just please be sure
to have the contact info set in case there's concern).

Cheers! -Damian
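
The layered setup described in the reply above, as an added example that is not part of the original message: one blocklist feeds both the torrc exit policy (which tells clients the relay will not handle the traffic) and a matching set of iptables rules as a local backstop. The addresses are constructed from RFC 5737 documentation ranges, and the `BLOCKLIST` variable and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a Tor exit policy and an iptables block list in sync.
# Addresses are constructed (RFC 5737 documentation ranges), not real
# honeypot or sinkhole IPs.
BLOCKLIST='192.0.2.10
198.51.100.0/24
# comment lines and blank lines are ignored

203.0.113.7'

# Pass through only syntactically plausible IPv4 addresses or CIDR blocks,
# so a malformed entry never reaches torrc or the firewall.
valid_entries() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# torrc lines: the exit policy is how the relay announces that it is
# unwilling to handle traffic to these destinations.
gen_exit_policy() {
    printf '%s\n' "$BLOCKLIST" | valid_entries | while read -r dst; do
        printf 'ExitPolicy reject %s:*\n' "$dst"
    done
}

# iptables commands for the OUTPUT chain (exit connections originate from
# the tor process on this host). Printed for review, not executed.
gen_iptables() {
    printf '%s\n' "$BLOCKLIST" | valid_entries | while read -r dst; do
        printf 'iptables -A OUTPUT -d %s -p tcp -j REJECT --reject-with tcp-reset\n' "$dst"
    done
}

gen_exit_policy
gen_iptables
```

Place the generated `ExitPolicy reject` lines before any accept lines in torrc, since the first matching rule wins, and keep `ContactInfo` set on the relay.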