
Re: bad exit blacklisting



On Sat, Oct 25, 2008 at 12:53:35PM +0200, slush wrote:
> > : > as far as I read the Tor documentation, I cannot find a mechanism for how an
> > : > exit node can be marked as "Bad exit". Is there any standardized mechanism for
> > : > detecting bad exits and marking them in directory servers?
> >
> > I believe the answer is the bad node detection would have to run on the
> > directory servers.
> >
> 
> But it is not implemented anywhere. In the soat script there is just a placeholder
> function for exporting bad exits, but it is not implemented yet.

True, it isn't implemented anywhere yet. But it isn't hard: there are
config options for directory authorities, either by adding a torrc
line like
  authdirbadexit 87.118.97.0/24
or by adding a line like
  !badexit FFFF 4D66 0846 8650 46B1 A1F3 6AED 8C10 B841 81E8
to the approved-routers file.

My rough idea is that the script hunting for bad exits should connect to
the directory authority's control port, and change its config options as
appropriate.

Then the script can keep its own timestamps of when it found an address
(or netblock) to be bad, and try them again periodically, and then
forgive an address if a) it starts behaving well again, or b) it has
been offline long enough.

Of course, it needs to get a lot more testing before we'll just hook
it up to a directory authority and let it dictate which relays should
be avoided. :) Some script that an authority operator can run to say
"I just heard this relay is misbehaving. Please run some tests and
confirm or deny" would be great. The step after that would be for it
to run in the background and send mail to a list when it looks like it
found a misbehaving relay. Then the operators can investigate further.

Once we've had a human in the loop for a while and things look like
they're working smoothly, then we should take the last step of just
automating it.

> Yes, I'm working on a similar project to soat.py, but with a slightly different
> method. The main difference is that I'm not comparing an html page downloaded
> via Tor and via direct connection, but I retrieve many copies of the same
> page via many exit nodes and do some transformation on that. Using this
> method, I have fewer false positives in the case of dynamic pages. I think it is
> the main difference, but there are more little "improvements" (or things with
> a different implementation).
> 
> Originally, I was thinking about improving the existing soat.py, but there
> is absolutely different access to problematic, so it is easy to write it
> from scratch. I'm just curious if there is interest from anybody else and
> if it is theoretically possible to use my work as (part of) the detecting
> mechanism on directory servers. I'm writing that as part of my thesis, but I
> will be glad if anybody finds it useful for themselves. It can be a reason for
> writing the script as a fully working application, not just a prototype (code
> snippets) which fulfills the requirements of my thesis.

Yes, having a working script to do this would be great. I've been hoping
that Mike Perry would get Torflow up and working, but so far he hasn't
found time to do it.

Thanks!
--Roger
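
The timestamp bookkeeping sketched in the message above (re-test flagged addresses periodically, forgive on good behaviour or after a long time offline), as an added example that is not part of the original post and is not Tor or soat code. The class name, the two interval values and the address 192.0.2.10 are assumptions made for illustration; the output uses the `authdirbadexit` torrc form quoted in the message.

```python
from dataclasses import dataclass

RETEST_INTERVAL = 6 * 3600     # assumed value: seconds between re-tests
OFFLINE_FORGIVE = 14 * 86400   # assumed value: forgive after this long offline


@dataclass
class Entry:
    flagged_at: float   # when the address (or netblock) was found bad
    last_test: float    # when it was last re-tested
    last_seen: float    # last time the relay was reachable


class BadExitTracker:
    """Hypothetical scanner-side state; a human still reviews the output."""

    def __init__(self):
        self.entries = {}

    def flag(self, addr, now):
        # Keep the original timestamp if the address is already flagged.
        self.entries.setdefault(addr, Entry(now, now, now))

    def due_for_retest(self, now):
        return sorted(a for a, e in self.entries.items()
                      if now - e.last_test >= RETEST_INTERVAL)

    def record_retest(self, addr, now, reachable, behaved_well):
        """Apply one re-test result; return True if the address is forgiven."""
        e = self.entries[addr]
        e.last_test = now
        if reachable:
            e.last_seen = now
        # Forgive if (a) it behaves well again or (b) it has been offline
        # long enough; otherwise it stays on the list.
        if (reachable and behaved_well) or now - e.last_seen >= OFFLINE_FORGIVE:
            del self.entries[addr]
            return True
        return False

    def torrc_lines(self):
        """Render the current list in the torrc form quoted in the message."""
        return ["authdirbadexit " + a for a in sorted(self.entries)]


if __name__ == "__main__":
    t = BadExitTracker()
    t.flag("87.118.97.0/24", now=0)   # netblock from the message
    t.flag("192.0.2.10", now=0)       # constructed documentation address
    print("\n".join(t.torrc_lines()))
```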