[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] BadExit: Rerouting exit relays detected (1) 45.63.11.98



On Sun, Oct 11, 2020 at 01:39:17PM -0500, Mike Perry wrote:
> > I believe I can tell rerouting exits from exits having distinct IPs for
> > inbound and outbound connections - in most cases.
> 
> Are your scanners available for others to run? I understand that it is a
> risk that making them public may allow bad exits to avoid them, but is
> it ok if other specific people use and adapt the scanners?

Right, in this particular case, we already run a scanner which provides
public output: it's the tordnsel scanner, and check out
https://check.torproject.org/exit-addresses

So what we are missing still is (a) a human to go through that list
periodically to look for exits that have weirdly too many exit addresses,
especially addresses that overlap with other exits, and then (b) somebody
to automate the process that that human uses.

In the 'bad exit finding' world, we've had problems in the past with
false positives, where some automated tool spams us with "possible"
problem relays and we quickly learn that ignoring those reports is the
best use of our time. So as we try to automate this one, I'd be a fan
of putting the detection threshold quite high, so when we trigger on
a relay and escalate to the humans, it's because we're quite confident
there's something that needs action.

> >> Remember that our directory authorities are deliberately independent
> >> from TPI though, and even what I think is not necessarily what TPI
> >> thinks. The dirauths may have different opinions. Coordinating policy of
> >> this nature is difficult and requires consensus building.
> > 
> > Since dir auths have been removing these kinds of relays, I don't think there
> > is any policy change necessary.
> 
> Ok great! Sometimes I am surprised by their decisions, and I didn't see
> this one.

Right. This one's an easy choice, because not only is it wasteful as
you say, it is also a way that somebody can sign up an exit relay to
look at traffic without needing to actually be the exit for that traffic.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays