
Re: [tor-talk] Cloak Tor Router



On Thursday 06 November 2014 05:41:09 coderman wrote:
> > I will definitely look into this one.  This should be quite easy to
> > implement by messing a bit with the firewall tables :)
> > Only problem I see is that to make it useful I think it would have to time
> > out at some point.
> in the past i have used OUI prefix lists to avoid known bad behavior.
> (this doesn't work if a device is spoofing MAC of course, but in that
> case they are probably savvy :)
> https://standards.ieee.org/develop/regauth/oui/oui.txt

That is one option but I generally dislike hard coding stuff like that.

> > Number of wireless networks are not an issue so I _am_ beginning to think
> > that more than two is necessary.  For example:
> > 1. Open - Open network - no Tor
> > 2. Transparent proxy - all tcp traffic allowed - forced through Tor -
> > everything on separate circuits  - captive warning
> > 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who
> > knows what they are doing)
> > 4. Isolating proxy - only https allowed - forced through Tor - everything on
> > separate circuits and everything else blocked
> the timeout behavior, perhaps you could detect "brain-dead re-attempt
> repeat" behavior for this duration, and then let through instead.
> this came up in past discussions about a device that is simply
> connected but idle, not yet seen by human.  and a device that is
> headless dumb, like your media player.

In the case of my media player I don't really provide it with login details, so it is merely a matter of preventing its chattiness from being tied to my IP address.  I'll be fine if everything from that is just pushed through Tor.  I don't do streaming much by the way (live in a place with relatively slow Internet), so the chattiness is mostly downloading covers, movie descriptions etc.

I am not sure I get your time out idea.  Do you remember when it was discussed or the subject - then I can go back and read the archive.

> thanks again for the open discussion!

The beauty of Open Source in general :)  I must admit after the Anonabox thing I expected to hit more hostility on this list, but I am quite happy with the discussion so far.

-- 
Lars Boegild Thomsen
https://reclaim-your-privacy.com
Jabber/XMPP: lth@xxxxxxxxxxxxxxxxxxxxxxxx


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk