[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

List of exit nodes wanted

Hello,

Please forgive me for not doing more thorough research before
emailing.  I'm not part of the Tor community and not really
interested in getting too into it.  I'm just looking for some quick
advice.  I've installed Tor on several machines, fiddled with its
config and log files, and read most of the FAQ.

I'm looking for a list of Tor exit nodes, so I can block them from
posting to my website.  What's the easiest way to obtain that list
and keep it up-to-date?

For a while I was using a public site that presented a webpage
listing all Tor nodes, and I screen-scraped it, but the site went
dead.  Then I switched to another site that later also went dead.
If there's an official URL that will stick around, that basically
just lists the exit nodes in the cached-routers file that'd be
cool.  Even better if it could let me specify I'm only concerned
about x.y.z.a:80 and it will leave out any exit nodes that forbid
connections to me!

My current best guess is that I need to install Tor myself and
configure it to run, at least periodically, to keep its list of
routers up-to-date.  Since that list seems to be stored in a text
file (cached-routers) I guess I could parse that myself.  However,
that is less than desirable to me.

If anyone's interested, the reasons for that include:


1. I don't want to relay any Tor traffic.

I'm not sure of the best way to configure Tor to not relay
anything.  If I comment out the ORPort I get an error on startup:

    Failed to parse/validate config: SocksPort, TransPort,
    NatdPort, and ORPort are all undefined? Quitting

Setting BandwidthRate to 0 yields a similar error, and also setting
ReachableORAddresses to reject *:*.  I know that:

    ExitPolicy reject *:*

makes me not an exit node, but I prefer not to relay _any_ traffic.

2. I'm not sure how to tell from Tor's logs whether I have
   mistakenly configured it to route traffic.

My current test is `lsof -ni|grep tor` which seems klutzy.

3. I'd overblock some exit nodes.

I don't have any sample code to determine whether an exit node is
already blocking traffic to my site and thus it would be
unnecessary to block it on my end.  E.g. I see one node blocks
x.y.z.0/24:80 which matches my site's IP so I don't need to prevent
any connections coming from that node from posting.  If the
cached-routers file is in a standard data format that I could use
some existing code to parse, to generate a list of only those IPs
which harbor exit nodes that allow connections to x.y.z.a, please
let me know.

4. Firewall issues.

5. I prefer not to leave it running all the time, and I can't tell
   when its local copy of cached-routers is complete.

(Partly for general security reasons, but especially if I can't
configure it to not route traffic.)  Tor seems to build
cached-routers incrementally as remote sites respond one by one,
and I don't know of a programmatic way to know when that list is
done building.


Incidentally (if you're interested), I'm happy to let Tor users
read my website, but I choose not to let Tor users post unless they
are signed in with one of our accounts, which lets us limit abuse. 
Since Tor doesn't attempt to block sites like mine from reading its
list of nodes (exit and otherwise)
<https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#WhyBlockable>
my assumption is there's no problem with making that list as public
as possible.
-- 
  Jamie McCarthy
 http://mccarthy.vg/
  jamie@xxxxxxxxxxx