On 14-05-07 10:37 AM, Tom Ritter wrote:
On 7 May 2014 10:09, Pika ohc pikaonthefly@outlook.com wrote:
Thanks for your kind reply. According to [1], I am still wondering if it is possible to make the minimum route path length 1 (which is set to 3 by default) and set Exitnodes to my server as the default exit node in the clients' torrc. Moreover, if the setting I mentioned is possible, the client can send all the traffic directly to my server and ask my server (exit node) to relay to the destination, where the scenario may be the same as that described in [1]. Sorry for asking the question again after your answer. Looking forward to the answers. :)
An exit node checks the prior node in the path, and if it is not part of the Tor Network, will not allow a single-hop path to be built through it*. This setting can be disabled on the ExitNode (that is, you can explicitly allow that behavior) by setting ExcludeSingleHopRelays. (https://www.torproject.org/docs/tor-manual.html.en#ExcludeSingleHopRelays)
The above option is for Tor clients to say what they will use. I think the option relevant to a relay operator would be AllowSingleHopExits 0
You may also want to set RefuseUnknownExits 1 to get some level of assurance from Tor authorities that the nodes using your exit are legit.
I suspect that someone could trick the Exit Node by running a tor relay and building a SingleHop circuit through your exit node from the same machine running the relay - but generally speaking this is not something you should worry about, as it affects everyone equally.
There are historical examples of Tor clients and scripts (e.g. SOAT) that try to build single hop circuits to test various conditions on the network. You can also do it manually with the ARM Tor controller. The AllowSingleHopExits 0 setting would make these harder, as the client would have to emulate a relay well enough to fool whatever check that option runs.
However, nothing prevents someone from operating an entry guard and a middle node on two separate machines, and then having a client on another computer create a circuit through them to your exit node. You would not be able to tell that it was all from the same source. Use of the MyFamily option is optional ;)
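For a relay operator who wants to check how a torrc stands on the three options named in this thread, here is an added example that is not part of the original messages. It assumes the defaults documented in the Tor manual of that period (AllowSingleHopExits 0, RefuseUnknownExits auto, ExcludeSingleHopRelays 1) and that the last occurrence of a repeated option wins; the sample torrc is constructed.

```python
# Added example: report the effective single-hop related settings in a torrc.
# DEFAULTS are an assumption taken from the Tor manual of the thread's era.
DEFAULTS = {
    "allowsinglehopexits": "0",      # relay side
    "refuseunknownexits": "auto",    # relay side
    "excludesinglehoprelays": "1",   # client side
}

# Constructed sample input, not a real configuration.
SAMPLE_TORRC = """\
# constructed sample relay torrc
ORPort 9001
AllowSingleHopExits 1
RefuseUnknownExits 0   # trailing comment
allowsinglehopexits 0
"""

def effective_options(torrc_text):
    """Return the effective value of each tracked option (last line wins)."""
    values = dict(DEFAULTS)
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # option names are case-insensitive
        if key in values and len(parts) == 2:
            values[key] = parts[1].strip().lower()
    return values

def audit(torrc_text):
    """List the settings that loosen the single-hop protections."""
    opts = effective_options(torrc_text)
    findings = []
    if opts["allowsinglehopexits"] == "1":
        findings.append("AllowSingleHopExits 1: relay may be used as the only hop")
    if opts["refuseunknownexits"] == "0":
        findings.append("RefuseUnknownExits 0: nodes outside the consensus may exit")
    if opts["excludesinglehoprelays"] == "0":
        findings.append("ExcludeSingleHopRelays 0: client will use single-hop relays")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TORRC):
        print(finding)
```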