[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to strictly exclude exit nodes?



I'm not certain, but I believe this message is indicating that the
exit node is *explicitly* requested for this route, and being used
despite that it would never be chosen for a normal route. That is, I
would guess this is using a .exit address (www.google.com.blabla.exit)
to force the exit path, and it allows that despite blabla being in
ExcludeExitNodes. The specific behavior of Exclude(Exit)Nodes is to
not use the specified nodes when creating any routes - it won't use
them by itself, but will if you force it to.

You should be safe from using blabla for an exit for normal traffic.

- John Brooks

On Thu, Sep 25, 2008 at 7:19 PM, F. Fox <kitsune.or@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Li-Hui Zhou wrote:
>> When using the latest svn version of tor as a client, ExcludeExitNodes
>> as CIDR format used, it give me this warn:
>>
>> (time) [warn] Requested exit node 'blabla' is in ExcludeNodes, or
>> ExcludeExitNodes, using anyway.
>>
>> How can I strictly do not allow those exit node that are already
>> excluded from being used?
>>
>>
>>
>
> When choosing nodes to *use* exclusively, this line has to be added, in
> addition to the ExitNodes line:
>
> StrictExitNodes 1
>
> I'm not entirely sure, but that would be my guess as to how to make
> Exclude[Exit]Nodes strict, as well; although, I was under the impression
> that those lines were strict by default.
>
> If not, it's probably a darn good thing you brought it up.
>
> - --
> F. Fox
> Owner of Tor node "kitsune"
> http://fenrisfox.livejournal.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIcBAEBCAAGBQJI3DiLAAoJECxKjnsrYHNH834P/2JwQo0aewXwRZOUUEcPSNsP
> Lx0q1eF3TIKKjggotuCNj629KxjNE3ux9Mzesg6QNb8Rpn+5048XfnYc5hpL8aPT
> UF1yBMcJIS6mavGs5uk1LPDtTGSns332DyLGQFxYBZhbUJwqTaib2gozA+mmdAe8
> Advts4nOPkbWa5So8bUkVL3LegyeusYqbtm52eipC3JTuKEb4lQXJtbusom7X7I3
> GoV7x32KaaRry0k5So4vtgcJuWSE3I2qYZihy1EPYWCztHWN0rz2Z8jubssAgGA4
> uelry2QB7/bY1HgoQpl9S8aEVvuJ29P2wjt4hzyeRywC1YK1YEKewFFv34wS3PN9
> X2wCVvlFa/kMGfgQTpl2woq+UFDKWhRlSm80vCqfr49oEsoDRETFf2i5gV/x28z2
> deIuc+YBamPZDuxCipdaqNrGYGARiaXz6mjNH4e7jpO094wgK3MDP7f7c5vkVzSx
> YXs3Kr0P+N/1q2VABZDXAswfzQ3XO9u5yhxImtIyxMxIQjYL7TCc7uvVLLHoclNi
> 1PpdMnKtqH93mVWZvvgnBOnprxIDLfCYsiBsjJ8ZdCZ7u5BUL/ujMJg92IX9gTAc
> bSbGiBU4ubQjMiW9lL/NBLWQQpDogcaOI15thTfSh+v3UD+V6fUCgbzq+NcFtzS9
> 3y2VRtoQ+xHtClwWlQ59
> =BXPF
> -----END PGP SIGNATURE-----
>