[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cloak Tor Router

On 11/4/14, Lars Boegild Thomsen <lth@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> ...
> I will definitely look into this one.  This should be quite easy to
> implement by messing a bit with the firewall tables :)
> Only problem I see is that to make it useful I think it would have to time
> out at some point.

in the past i have used OUI prefix lists to avoid known bad behavior.
(this doesn't work if a device is spoofing MAC of course, but in that
case they are probably savvy :)


a few hundred prefixes to opt-in safe (captive unless masked avoid),
 half that to fail open on occasion (default no captive unless known usable)

> Number of wireless networks are not an issue so I _am_ beginning to think
> that more than two is necessary.  For example:
> 1. Open - Open network - no Tor
> 2. Transparent proxy - all tcp traffic allowed - forced through Tor -
> everything on separate circuits  - captive warning
> 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who
> know what they are doing)
> 4. Isolating proxy - only https allowed - forced through Tor - everything on
> separate circuits and everything else blocked

the timeout behavior, perhaps you could detect "brain-dead re-attempt
repeat" behavior for this duration, and then let through instead.

this came up in past discussions about a device that is simply
connected but idle, not yet seen by human.  and a device that is
headless dumb, like your media player.

more feedback when i have time.

thanks again for the open discussion!

best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to