[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR on Academic networks (problem)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: TOR on Academic networks (problem)
From: Peter Palfrader <peter@xxxxxxxxxxxxx>
Date: Wed, 17 May 2006 15:33:09 +0200
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 17 May 2006 09:33:14 -0400
In-reply-to: <446B1B96.9090505@csuohio.edu>
Mail-followup-to: or-talk@xxxxxxxxxxxxx
References: <4469CA02.1040007@csuohio.edu> <928946aa0605161301l5cfb6a19m5b35779de6ee3be8@mail.gmail.com> <446A36C0.7090408@csuohio.edu> <20060517001455.GF3360@asteria.noreply.org> <446B1B96.9090505@csuohio.edu>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Wed, 17 May 2006, Michael Holstein wrote:

> >You are hurting the Tor network more than you realize.  You are lying to
> >clients and clients cache that answer.  Don't do this.
> 
> I've tested this before, and since the /etc/hosts entry refers to an 
> address which is blocked by *all* TOR servers default exit policy, it 
> just says "requested exit node will deny your request".
> 
> Do they still cache the DNS answer?

The reject cell includes a the resolved IP address.  This answer is
cached.

> Would it be better to block them by allowing a (legitimate) DNS lookup, 
> and then null-routing the IP space involved?

No.

> Doing *nothing* is NOT an option here.

Add them to your exit policy.  If that turns out to be too long (more
than just a couple of lines), make your exit policy rejects broader,
even if that means rejecting *:80.

-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Follow-Ups:
- Re: TOR on Academic networks (problem)
  - From: Tor User

References:
- TOR on Academic networks (problem)
  - From: Michael Holstein
- Re: TOR on Academic networks (problem)
  - From: Joseph Lorenzo Hall
- Re: TOR on Academic networks (problem)
  - From: Michael Holstein
- Re: TOR on Academic networks (problem)
  - From: Peter Palfrader
- Re: TOR on Academic networks (problem)
  - From: Michael Holstein

Prev by Author: Re: TOR on Academic networks (problem)
Next by Author: Re: TOR on Academic networks (problem)
Previous by thread: Re: TOR on Academic networks (problem)
Next by thread: Re: TOR on Academic networks (problem)
Index(es):
- Author
- Thread