Re: How to strictly exclude exit nodes?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: How to strictly exclude exit nodes?
- From: "John Brooks" <aspecialj@xxxxxxxxx>
- Date: Thu, 25 Sep 2008 20:02:24 -0600
- In-reply-to: <48DC389C.10505@xxxxxxxxx>
- References: <20080926084605.D3D9.818A4CE4@xxxxxxxx> <48DC389C.10505@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I'm not certain, but I believe this message is indicating that the
exit node is *explicitly* requested for this route, and being used
despite that it would never be chosen for a normal route. That is, I
would guess this is using a .exit address (www.google.com.blabla.exit)
to force the exit path, and it allows that despite blabla being in
ExcludeExitNodes. The specific behavior of Exclude(Exit)Nodes is to
not use the specified nodes when creating any routes - it won't use
them by itself, but will if you force it to.

You should be safe from using blabla for an exit for normal traffic.

- John Brooks

On Thu, Sep 25, 2008 at 7:19 PM, F. Fox <kitsune.or@xxxxxxxxx> wrote:
> Li-Hui Zhou wrote:
>> When using the latest svn version of Tor as a client, with ExcludeExitNodes
>> given in CIDR format, it gives me this warning:
>>
>> (time) [warn] Requested exit node 'blabla' is in ExcludeNodes, or
>> ExcludeExitNodes, using anyway.
>>
>> How can I strictly disallow those exit nodes that are already
>> excluded from being used?
>>
>>
>>
>
> When choosing nodes to *use* exclusively, this line has to be added, in
> addition to the ExitNodes line:
>
> StrictExitNodes 1
>
> I'm not entirely sure, but that would be my guess as to how to make
> Exclude[Exit]Nodes strict, as well; although, I was under the impression
> that those lines were strict by default.
>
> If not, it's probably a darn good thing you brought it up.
>
> - --
> F. Fox
> Owner of Tor node "kitsune"
> http://fenrisfox.livejournal.com
>
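
As an added illustration (not code from this thread or from Tor), the following Python check flags requested hostnames whose `.exit` suffix names a relay listed in ExcludeNodes or ExcludeExitNodes, which is the case the reply above associates with the "using anyway" warning. The torrc fragment, the nickname-to-address map standing in for directory data, and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample torrc fragment (not from the thread).
SAMPLE_TORRC = """\
ExcludeExitNodes blabla, 198.51.100.0/24
ExcludeNodes badrelay
"""
# Constructed stand-in for directory data: relay nickname -> IP address.
SAMPLE_RELAYS = {"blabla": "203.0.113.7", "othernode": "198.51.100.20",
                 "goodnode": "192.0.2.9"}

def parse_excludes(torrc_text):
    """Return (nicknames, networks) from ExcludeNodes/ExcludeExitNodes lines."""
    names, nets = set(), []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in ("excludenodes", "excludeexitnodes"):
            continue
        for item in filter(None, (v.strip() for v in parts[1].split(","))):
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                names.add(item.lower())  # not an address pattern: nickname
    return names, nets

def forced_excluded_exit(hostname, names, nets, relays):
    """Return the relay nickname if hostname forces an excluded exit, else None."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "exit":
        return None  # ordinary address: no exit is being forced
    nick = labels[-2]
    if nick in names:
        return nick
    addr = relays.get(nick)
    if addr and any(ipaddress.ip_address(addr) in net for net in nets):
        return nick
    return None

def audit(hostnames, torrc_text=SAMPLE_TORRC, relays=SAMPLE_RELAYS):
    """Map each hostname that would trigger the 'using anyway' case to its relay."""
    names, nets = parse_excludes(torrc_text)
    hits = {}
    for host in hostnames:
        nick = forced_excluded_exit(host, names, nets, relays)
        if nick:
            hits[host] = nick
    return hits
```

Running `audit()` over the hostnames an application is configured to request shows which of them would override the exclusion list; a CIDR entry can only be matched when the relay's address is known, which is why the address map is needed.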