[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: How to ban bad tor node which would redirect http request to a certain ip tracker?
On 11/17/07, Roger Dingledine <arma@xxxxxxx> wrote:
> On Sat, Nov 17, 2007 at 02:29:09AM -0800, s s wrote:
> > I recently found some "bad" tor node would redirect http request to a
> > pre-configured address such as
> > http://184.108.40.206/req.php?str1=xxx&&str2=url
> > where xxx is a 18 digit number contain a Unix time stamp and url is
> > the original url requested.
> > then the host 220.127.116.11 will send back a cookie which named
> > 'UniProclove' whose content is also a 18 digit number.
> > Is it possible to configure tor to isolate such a "bad" tor node?
> > or is it possible to configure tor to refuse to connect/relay to
> > certain ip addresses?
> Yes, you can exclude the node by nickname (or better, by key fingerprint)
> by adding an "ExcludeNodes" line to your torrc file. See the man page
> for details.
> But even better, if you tell us which node it is, we'll a) try to contact
> the operator to get him to fix it, as it's quite likely to be an innocent
> misconfiguration, and b) blacklist it from the directory consensus in
> the meantime, so other users won't stumble into it.
I dont know how to find which node did the redirect.
Seems that it is difficult to track this node, it only occurs from time to time
Now what i can do is to block browser cookies and/or configure Privoxy
to block this kind of urls.
> (I've been meaning for a while to come up with some mechanism for users to
> report problems they see, while we wait for Mike Perry to get his TorFlow
> application more automated. But there are enough false positives that I
> don't think we should just say "mail tor-volunteers". I'm not sure what
> the best plan should be.)