On Thursday 06 November 2014 05:41:09 coderman wrote:
> > I will definitely look into this one.  This should be quite easy to
> > implement by messing a bit with the firewall tables :)
> > Only problem I see is that to make it useful I think it would have to time
> > out at some point.
>
> in the past i have used OUI prefix lists to avoid known bad behavior.
> (this doesn't work if a device is spoofing MAC of course, but in that
> case they are probably savvy :)
> https://standards.ieee.org/develop/regauth/oui/oui.txt

That is one option but I generally dislike hard coding stuff like that.

> > Number of wireless networks are not an issue so I _am_ beginning to think
> > that more than two is necessary.  For example:
> > 1. Open - Open network - no Tor
> > 2. Transparent proxy - all tcp traffic allowed - forced through Tor -
> > everything on separate circuits - captive warning
> > 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who
> > knows what they are doing)
> > 4. Isolating proxy - only https allowed - forced through Tor - everything on
> > separate circuits and everything else blocked
>
> the timeout behavior, perhaps you could detect "brain-dead re-attempt
> repeat" behavior for this duration, and then let through instead.
> this came up in past discussions about a device that is simply
> connected but idle, not yet seen by human. and a device that is
> headless dumb, like your media player.

In the case of my media player I don't really provide it with login details, so it is merely a matter of preventing its chattiness to be tied to my IP address. I'll be fine if everything from that is just pushed through Tor. I don't do streaming much by the way (live in a place with relatively slow Internet), so the chattiness is mostly downloading covers, movie descriptions etc.

I am not sure I get your time out idea. Do you remember when it was discussed or the subject - then I can go back and read the archive.

> thanks again for the open discussion!

The beauty of Open Source in general :) I must admit after the Anonabox thing I expected to hit more hostility on this list, but I am quite happy with the discussion so far.

-- 
Lars Boegild Thomsen
https://reclaim-your-privacy.com
Jabber/XMPP: lth@xxxxxxxxxxxxxxxxxxxxxxxx
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
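
Added example, not part of either poster's message or of any project's code: a sketch of the OUI prefix matching mentioned in the thread, parsing the `(hex)` lines of the `oui.txt` layout and deciding how to treat a client MAC. The sample registry text, vendor names, and decision labels (`force-tor`, `default`, `unknown`, `unverifiable`) are constructed assumptions.

```python
import re

# Constructed sample in the layout of the IEEE oui.txt file linked in the
# thread; the vendor names are placeholders, not real registry entries.
SAMPLE_OUI_TXT = (
    "00-AA-BB   (hex)\t\tExample Media Player Co.\n"
    "00AABB     (base 16)\t\tExample Media Player Co.\n"
    "\t\t\t\t1 Example Street\n"
    "\n"
    "00-11-22   (hex)\t\tExample Laptop Corp.\n"
    "001122     (base 16)\t\tExample Laptop Corp.\n"
)

_HEX_LINE = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}-){2}[0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$")

def parse_oui(text):
    """Map 6-hex-digit prefix -> organization, using only the '(hex)' lines."""
    table = {}
    for line in text.splitlines():
        m = _HEX_LINE.match(line)
        if m:
            table[m.group(1).replace("-", "").upper()] = m.group(2)
    return table

def normalize_mac(mac):
    """Return 12 uppercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(mac, table, chatty_vendors):
    """Return (decision, vendor). Decision labels are hypothetical."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    # Locally administered bit (0x02) set: the address was not assigned from
    # a vendor's OUI (randomized or spoofed), so a prefix match proves nothing.
    if first_octet & 0x02:
        return ("unverifiable", None)
    vendor = table.get(digits[:6])
    if vendor is None:
        return ("unknown", None)
    return ("force-tor" if vendor in chatty_vendors else "default", vendor)

if __name__ == "__main__":
    oui = parse_oui(SAMPLE_OUI_TXT)
    for mac in ("00:aa:bb:01:02:03", "02:aa:bb:01:02:03", "00-11-22-33-44-55"):
        print(mac, classify(mac, oui, {"Example Media Player Co."}))
```

A client that copies a real vendor prefix still matches that vendor here, which is the spoofing limit noted in the thread; the locally-administered check only catches addresses that were never drawn from a vendor block.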