Re: Exclude nodes from certain countries

On Sun, 16 Sep 2007 01:25:51 -0500 (CDT), Scott Bennett wrote:

>      I'd strongly recommend that you start with the tor overview
> document at
> 	https://tor.eff.org/overview
> paying special attention to the cartoon describing how circuits are built,
> which should begin to straighten you out on some of the other misconceptions
> you've indicated regarding tor.  To learn about the process in greater detail,
> continue reading at
> 	http://tor.eff.org/svn/trunk/doc/spec/path-spec.txt
>      To understand how tor clients (and servers) know what choices of servers
> are available, you need to read the directory protocol document(s) appropriate
> to the version of tor you run.  For[67], read
> 	http://tor.eff.org/svn/trunk/doc/spec/dir-spec-v2.txt
>  For, read the above and
> 	http://tor.eff.org/svn/trunk/doc/spec/dir-spec.txt

Thanks Scott,

I understand now that the Tor client downloads network-status documents with
descriptors of available onion routers and then chooses the routers for
building circuits from that list. I understand that the Tor client connects
directly only to entry nodes, and never makes a direct connection with
middle or exit nodes (unless they're later used as entry nodes for
different circuits).

I understand that I can use a firewall to control the entry nodes used (the
firewall would prevent connecting to bad IPs, certain countries, etc). But
I still do NOT see how Tor connections to entry nodes can be controlled
with Squid.

It would make sense to use Protowall (with a blocklist from bluetack.co.uk)
to prevent connections to bad IP ranges. That way entry nodes run by
various "bad" organizations will not be used.

But I'm still left with the problem of how to avoid nodes from certain
countries. What especially bothers me is when ALL THREE NODES are chosen
from the same bad country. I would really like to avoid that.

I hope a solution for Windows will come soon.