[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to ban bad tor node which would redirect http request to a certain ip tracker?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: How to ban bad tor node which would redirect http request to a certain ip tracker?
From: "s s" <silversword07@xxxxxxxxx>
Date: Sat, 17 Nov 2007 03:14:29 -0800
Cc: or-talk@xxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 17 Nov 2007 06:14:39 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=HDGr4o+gdrMDHjDpWz6jNBb5Jb8d1xdiqgbYj9PBT6w=; b=tQnT6fWI5RYtNhPcZ1hPMYFbLJtGSHnwXbzXTqvE4ji4PRbz8mlsEq/32q/z2CLZ6t6r4puCuozxqOCw1DpVC5fIeHjiqIUoxaajyqAlhAQiMBg3ieMeTIgTu1hD+luiOrAa+wkWARdEUMngt5tipMTzE8IvOcaoyE0IftamhLQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=egfwa4wuINXPijdMQtU9Ld8Sxhfo1mKptPkea1SDawREn6IxjC1c9Gaz4FsCrVkRBMVveryRA+3EJkBjot8TkQG8ZvZdiytpJ0x/yAK1oR2QXObVhXn3PDso8XC1aiWHBLb9tjb7QEkzqQeizhU0DoVLCPaeVcdyjXGZwoT2+8w=
In-reply-to: <20071117104232.GB20802@xxxxxxxxxxxxxx>
References: <384b62480711170229q36e207fcv5b50c5ea7931e6dc@xxxxxxxxxxxxxx> <20071117104232.GB20802@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 11/17/07, Roger Dingledine <arma@xxxxxxx> wrote:
> On Sat, Nov 17, 2007 at 02:29:09AM -0800, s s wrote:
> > I recently found some "bad" tor node would redirect http request to a
> > pre-configured address such as
> >    http://218.86.119.72/req.php?str1=xxx&&str2=url
> > where xxx is a 18 digit number contain a Unix time stamp and url is
> > the original url requested.
> > then  the host 218.86.119.72 will send back a cookie which named
> > 'UniProclove' whose content is also a 18 digit number.
> >
> > Is it possible to configure tor to isolate such a "bad" tor node?
> > or is it possible to configure tor to refuse to connect/relay to
> > certain ip addresses?
>
> Yes, you can exclude the node by nickname (or better, by key fingerprint)
> by adding an "ExcludeNodes" line to your torrc file. See the man page
> for details.
>
> But even better, if you tell us which node it is, we'll a) try to contact
> the operator to get him to fix it, as it's quite likely to be an innocent
> misconfiguration, and b) blacklist it from the directory consensus in
> the meantime, so other users won't stumble into it.
>
I dont know how to find which node did the redirect.
Seems that it is difficult to track this node, it only occurs from time to time

Now what i can do is to block browser cookies and/or configure Privoxy
to block this kind of urls.

> (I've been meaning for a while to come up with some mechanism for users to
> report problems they see, while we wait for Mike Perry to get his TorFlow
> application more automated. But there are enough false positives that I
> don't think we should just say "mail tor-volunteers". I'm not sure what
> the best plan should be.)
>
> Thanks!
> --Roger
>
>

Regards,

References:
- How to ban bad tor node which would redirect http request to a certain ip tracker?
  - From: s s
- Re: How to ban bad tor node which would redirect http request to a certain ip tracker?
  - From: Roger Dingledine

Prev by Author: How to ban bad tor node which would redirect http request to a certain ip tracker?
Next by Author: Another host in China which use persistant cookie to track Tor users
Previous by thread: Re: How to ban bad tor node which would redirect http request to a certain ip tracker?
Next by thread: Installing TOR on CentOS
Index(es):
- Author
- Thread