Re: TOR on Academic networks (problem)
On Wed, 17 May 2006, Michael Holstein wrote:
> >You are hurting the Tor network more than you realize. You are lying to
> >clients and clients cache that answer. Don't do this.
>
> I've tested this before, and since the /etc/hosts entry refers to an
> address which is blocked by *all* TOR servers default exit policy, it
> just says "requested exit node will deny your request".
>
> Do they still cache the DNS answer?
The reject cell includes the resolved IP address. This answer is
cached.
> Would it be better to block them by allowing a (legitimate) DNS lookup,
> and then null-routing the IP space involved?
No.
> Doing *nothing* is NOT an option here.
Add them to your exit policy. If that turns out to be too long (more
than just a couple of lines), make your exit policy rejects broader,
even if that means rejecting *:80.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
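The exit-policy advice in the reply above, as an added example that is not part of the original message: a small generator that collapses the address ranges to be blocked into the fewest `ExitPolicy reject` lines for torrc and falls back to the broader `reject *:80` when the list gets too long. The ranges are constructed documentation addresses, and the function name and the four-line threshold are assumptions.

```python
import ipaddress

# Assumed cut-off for "more than just a couple of lines"; tune to taste.
MAX_LINES = 4


def build_exit_policy(blocked, max_lines=MAX_LINES, fallback="reject *:80"):
    """Return torrc ExitPolicy lines rejecting the given IPv4 ranges.

    Overlapping and adjacent ranges are merged first. If the merged list is
    still longer than max_lines, a single broader rule is returned instead.
    """
    # strict=False lets "198.51.100.7/24" be given with host bits set.
    nets = [ipaddress.IPv4Network(b, strict=False) for b in blocked]
    merged = list(ipaddress.collapse_addresses(nets))

    if len(merged) > max_lines:
        return ["ExitPolicy " + fallback]

    lines = []
    for net in merged:
        # A /32 reads better as a bare address; both forms are valid.
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append("ExitPolicy reject %s:*" % target)
    return lines


if __name__ == "__main__":
    # Constructed sample input (RFC 5737 documentation ranges).
    sample = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.7", "198.51.100.7/32"]
    # Exit policies are first-match-wins, so these lines belong above
    # any accept rules in torrc.
    for line in build_exit_policy(sample):
        print(line)
```

Because the rejection is published in the relay's descriptor, clients pick a different exit for those destinations instead of receiving a falsified DNS answer.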