[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to strictly exclude exit nodes?



Scott Bennett wrote:
     On Sat, 27 Sep 2008 17:13:02 -0600 "John Brooks" <aspecialj@xxxxxxxxx>
wrote:
4 and 5 hop circuits can be created when contacting or publishing
hidden services and, I believe, sometimes when retrieving directory

     A circuit to a hidden service may indeed have four or more hops.
However, the client sees only the hops on the client's side of the
rendezvous and the server sees only the hops on the server's side of
the rendezvous.  Even the number of hops on the other party's side of
the rendezvous is unknown to the party that is curious.

information. Many nodes run directories on port 443, so that's not
particularly unusual.

     I'm not sure why a non-hidden-service circuit would have more than
the hard-coded default number of hops unless a controller has directed
the client in building that circuit.
For the thread as a whole, I still think the problem is that this exit
node is being *explicitly* requested (www.google.com.blabla.exit), and
that it would never be chosen automatically by tor itself, as I stated
in my first message. StrictExitNodes is an irrelevant setting.

     I agree.  It's his own fault.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

I can now confirm that dozens of 4 hop circuits can be seen in vidalia's "connections" list (no more 5 hops yet) and they are being used by the likes of vidalia and thunderbird just as the 3 hop circuits are.

I have also observed that large numbers of 4 hop circuits appear on startup of the tor client and pretty much disappear after a few minutes or so. This is probably why I only noticed the odd one before now.

Can anyone else see this?


-K-