Wtf, this exit has addresses that do not belong to it! https://metrics.torproject.org/rs.html#details/385527185E26937D05E0933DD29FF...
I'm very sure there are only nifty rabbits on the 185.220.101.0/24 subnet!
Thanks for the report, I have forwarded it for removal.
lists@for-privacy.net:
Wtf, this exit has addresses that do not belong to it! https://metrics.torproject.org/rs.html#details/385527185E26937D05E0933DD29FF...
Yes, rerouting exit traffic is a practice we have observed in the past.
BadExit: Rerouting exit relays detected (1) The following exit relays are routing their traffic back into the tor network: ----------------------- nickname: exitnew First seen: 2020-09-25 12:00:00 Consensus weight: 1410 AS: Choopa, LLC OR IP address: 45.63.11.98 Exit addresses: 185.140.53.7 185.220.101.207 45.154.35.219 45.63.11.98 51.158.111.157 https://atlas.torproject.org/#details/385527185E26937D05E0933DD29FF1699056CA...
I'm very sure there are only nifty rabbits on the 185.220.101.0/24 subnet!
niftybummy has relays outside of 185.220.101.0/24
On 10/11/20 10:20 AM, nusenu wrote:
Thanks for the report, I have forwarded it for removal.
lists@for-privacy.net:
Wtf, this exit has addresses that do not belong to it! https://metrics.torproject.org/rs.html#details/385527185E26937D05E0933DD29FF...
Yes, rerouting exit traffic is a practice we have observed in the past.
BadExit: Rerouting exit relays detected (1) The following exit relays are routing their traffic back into the tor network:
nickname: exitnew First seen: 2020-09-25 12:00:00 Consensus weight: 1410 AS: Choopa, LLC OR IP address: 45.63.11.98 Exit addresses: 185.140.53.7 185.220.101.207 45.154.35.219 45.63.11.98 51.158.111.157 https://atlas.torproject.org/#details/385527185E26937D05E0933DD29FF1699056CA...
I'm very sure there are only nifty rabbits on the 185.220.101.0/24 subnet!
niftybummy has relays outside of 185.220.101.0/24
I am losing patience with the "let's play nice and let exit IP addresses be predictable" model... We are not being treated well by the banhammer brigade, and it might be time to flip some tables. I would not call simply using a different exit IP than your relay's OR port a bad exit.
However, re-routing exit traffic back into Tor like this is not the answer. It is simply wasteful. I am in favor of delisting such relays.
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Again, I understand your frustration.
I am losing patience with the "let's play nice and let exit IP addresses be predictable" model... We are not being treated well by the banhammer brigade, and it might be time to flip some tables. I would not call simply using a different exit IP than your relay's OR port a bad exit.
I'm not calling exit relays using distinct IPs or inbound (OR) and outbound connections "BadExits" either, quite the opposite, all exits should be using https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressE... if they have spare IPs. That is why I implemented and automated that configuration in relayor.
I believe I can tell rerouting exits from exits having distinct IPs for inbound and outbound connections - in most cases.
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Since dir auths have been removing these kinds of relays, I don't think there is any policy change necessary.
On 10/11/20 1:17 PM, nusenu wrote:
I am losing patience with the "let's play nice and let exit IP addresses be predictable" model... We are not being treated well by the banhammer brigade, and it might be time to flip some tables. I would not call simply using a different exit IP than your relay's OR port a bad exit.
I'm not calling exit relays using distinct IPs or inbound (OR) and outbound connections "BadExits" either, quite the opposite, all exits should be using https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressE... if they have spare IPs. That is why I implemented and automated that configuration in relayor.
Ok that sounds reasonable. Thanks!
I believe I can tell rerouting exits from exits having distinct IPs for inbound and outbound connections - in most cases.
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Since dir auths have been removing these kinds of relays, I don't think there is any policy change necessary.
Ok great! Sometimes I am surprised by their decisions, and I didn't see this one.
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
You don't need to actively perform scans (in the sense of establishing circuits) to detect rerouting exits, onionoo provides you with the required data: OR IP: https://metrics.torproject.org/onionoo.html#details_relay_or_addresses Exit IPs: https://metrics.torproject.org/onionoo.html#details_relay_exit_addresses
On 10/11/20 3:08 PM, nusenu wrote:
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
You don't need to actively perform scans (in the sense of establishing circuits) to detect rerouting exits, onionoo provides you with the required data: OR IP: https://metrics.torproject.org/onionoo.html#details_relay_or_addresses Exit IPs: https://metrics.torproject.org/onionoo.html#details_relay_exit_addresses
I meant the code for your other scans. We have my original scanner (part of torflow repo), and one phw wrote, and another set of onion service attack scanners. TPI might consider also running your scanners in addition to or instead of some of these. Plus more people running scanners may mean faster results and easier result confirmation... Though, this is subject to obvious issues with this being an arms race, if scans are discovered, of course.
I also agree with your ticket about the time rotation feature. And I'm not sure we should necessarily publish this info anymore.
I think this and similar ideas should be explored. We're trying to figure out how to put it all together into an approach that makes sense.
On Sun, Oct 11, 2020 at 01:39:17PM -0500, Mike Perry wrote:
I believe I can tell rerouting exits from exits having distinct IPs for inbound and outbound connections - in most cases.
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
Right, in this particular case, we already run a scanner which provides public output: it's the tordnsel scanner, and check out https://check.torproject.org/exit-addresses
So what we are missing still is (a) a human to go through that list periodically to look for exits that have weirdly too many exit addresses, especially addresses that overlap with other exits, and then (b) somebody to automate the process that that human uses.
In the 'bad exit finding' world, we've had problems in the past with false positives, where some automated tool spams us with "possible" problem relays and we quickly learn that ignoring those reports is the best use of our time. So as we try to automate this one, I'd be a fan of putting the detection threshold quite high, so when we trigger on a relay and escalate to the humans, it's because we're quite confident there's something that needs action.
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Since dir auths have been removing these kinds of relays, I don't think there is any policy change necessary.
Ok great! Sometimes I am surprised by their decisions, and I didn't see this one.
Right. This one's an easy choice, because not only is it wasteful as you say, it is also a way that somebody can sign up an exit relay to look at traffic without needing to actually be the exit for that traffic.
--Roger
On 11.10.2020 22:41, Roger Dingledine wrote:
Right, in this particular case, we already run a scanner which provides public output: it's the tordnsel scanner, and check out https://check.torproject.org/exit-addresses
Damn it, the boy was hardworking.
ExitNode 385527185E26937D05E0933DD29FF1699056CAF3 Published 2020-10-11 11:54:00 LastStatus 2020-10-11 17:00:00 ExitAddress 185.220.102.252 2020-10-11 17:52:50 ExitAddress 45.154.35.218 2020-10-11 17:13:21 ExitAddress 45.63.11.98 2020-10-11 09:19:06 ExitAddress 51.158.111.157 2020-10-10 23:51:28 ExitAddress 45.154.35.219 2020-10-10 20:14:28 ExitAddress 185.220.101.207 2020-10-10 18:10:02 ExitAddress 185.140.53.7 2020-10-10 15:04:52 ExitAddress 23.129.64.205 2020-10-10 09:14:15 ExitAddress 23.129.64.100 2020-10-10 06:10:30 ExitAddress 185.220.100.240 2020-10-10 03:41:38 ExitAddress 23.129.64.207 2020-10-09 21:04:35 ExitAddress 23.129.64.209 2020-10-09 19:31:42 ExitAddress 23.129.64.212 2020-10-09 15:18:55 ExitAddress 185.107.47.215 2020-10-09 12:02:09 ExitAddress 45.154.35.216 2020-10-09 09:11:20 ExitAddress 162.247.74.7 2020-10-09 08:10:41 ExitAddress 45.154.35.214 2020-10-09 04:27:16 ExitAddress 130.225.244.90 2020-10-09 03:34:52 ExitAddress 46.165.245.154 2020-10-08 22:09:32 ExitAddress 185.220.102.248 2020-10-08 21:13:44 ExitAddress 45.154.35.211 2020-10-08 15:17:28 ExitAddress 45.154.35.213 2020-10-08 14:52:41 ExitAddress 185.140.53.9 2020-10-08 12:42:16 ExitAddress 145.239.92.26 2020-10-08 11:34:41 ExitAddress 185.140.53.5 2020-10-08 09:39:55 ExitAddress 51.195.150.250 2020-10-08 05:42:51 ExitAddress 185.220.102.247 2020-10-08 04:38:46 ExitAddress 51.83.139.56 2020-10-08 02:41:35 ExitAddress 216.239.90.19 2020-10-07 22:10:28 ExitAddress 35.0.127.52 2020-10-07 21:46:15 ExitAddress 185.220.102.241 2020-10-07 20:04:33 ExitAddress 45.154.35.220 2020-10-07 17:28:29 ExitAddress 209.141.39.33 2020-10-07 15:49:11 ExitAddress 185.220.101.10 2020-10-07 12:39:45 ExitAddress 185.220.101.200 2020-10-07 05:12:35 ExitAddress 51.195.149.132 2020-10-06 19:26:01 ExitAddress 45.154.35.212 2020-10-06 18:39:37 ExitAddress 179.43.167.226 2020-10-06 12:55:24 ExitAddress 185.220.102.242 2020-10-06 09:04:52 ExitAddress 162.247.74.201 2020-10-05 11:44:18 ExitAddress 45.154.35.210 2020-10-05 09:59:58 ExitAddress 51.75.144.43 2020-10-05 01:24:36 ExitAddress 185.220.100.250 2020-10-04 12:52:37 ExitAddress 94.142.244.16 2020-10-04 09:26:13 ExitAddress 45.154.35.215 2020-10-04 08:15:17 ExitAddress 185.220.102.243 2020-10-03 20:13:45 ExitAddress 5.79.109.48 2020-10-03 16:56:19 ExitAddress 54.36.108.162 2020-10-02 18:11:45 ExitAddress 209.141.61.129 2020-10-01 21:48:30 ExitAddress 18.27.197.252 2020-10-01 18:26:32 ExitAddress 51.178.43.104 2020-10-01 15:39:56 ExitAddress 185.220.100.252 2020-10-01 07:57:36 ExitAddress 185.220.102.8 2020-10-01 06:29:39 ExitAddress 51.81.83.151 2020-09-30 21:55:17 ExitAddress 185.220.102.253 2020-09-30 17:52:13 ExitAddress 37.120.152.116 2020-09-30 13:25:01 ExitAddress 162.247.74.200 2020-09-30 11:02:05 ExitAddress 185.220.100.241 2020-09-30 10:44:36 ExitAddress 45.129.56.200 2020-09-30 07:52:31 ExitAddress 171.25.193.77 2020-09-29 17:15:03 ExitAddress 185.220.101.205 2020-09-28 22:13:13 ExitAddress 198.251.89.136 2020-09-28 15:27:51 ExitAddress 193.218.118.140 2020-09-28 12:39:45 ExitAddress 185.220.101.199 2020-09-28 05:45:20 ExitAddress 85.248.227.165 2020-09-28 00:42:28 ExitAddress 185.220.101.148 2020-09-27 18:58:16
https://metrics.torproject.org/rs.html#search/185.220. niftybunny, Zwiebelfreunde, Digitalcourage & F3Netze help each other but have their machines in different IX. They don't throw their IPs from the separate ASNs onto one machine. ;-)
Just woke up. So, whats wrong with some of my relays in this list?
nifty
On 12. Oct 2020, at 00:13, lists@for-privacy.net wrote:
On 11.10.2020 22:41, Roger Dingledine wrote:
Right, in this particular case, we already run a scanner which provides public output: it's the tordnsel scanner, and check out https://check.torproject.org/exit-addresses
Damn it, the boy was hardworking.
ExitNode 385527185E26937D05E0933DD29FF1699056CAF3 Published 2020-10-11 11:54:00 LastStatus 2020-10-11 17:00:00 ExitAddress 185.220.102.252 2020-10-11 17:52:50 ExitAddress 45.154.35.218 2020-10-11 17:13:21 ExitAddress 45.63.11.98 2020-10-11 09:19:06 ExitAddress 51.158.111.157 2020-10-10 23:51:28 ExitAddress 45.154.35.219 2020-10-10 20:14:28 ExitAddress 185.220.101.207 2020-10-10 18:10:02 ExitAddress 185.140.53.7 2020-10-10 15:04:52 ExitAddress 23.129.64.205 2020-10-10 09:14:15 ExitAddress 23.129.64.100 2020-10-10 06:10:30 ExitAddress 185.220.100.240 2020-10-10 03:41:38 ExitAddress 23.129.64.207 2020-10-09 21:04:35 ExitAddress 23.129.64.209 2020-10-09 19:31:42 ExitAddress 23.129.64.212 2020-10-09 15:18:55 ExitAddress 185.107.47.215 2020-10-09 12:02:09 ExitAddress 45.154.35.216 2020-10-09 09:11:20 ExitAddress 162.247.74.7 2020-10-09 08:10:41 ExitAddress 45.154.35.214 2020-10-09 04:27:16 ExitAddress 130.225.244.90 2020-10-09 03:34:52 ExitAddress 46.165.245.154 2020-10-08 22:09:32 ExitAddress 185.220.102.248 2020-10-08 21:13:44 ExitAddress 45.154.35.211 2020-10-08 15:17:28 ExitAddress 45.154.35.213 2020-10-08 14:52:41 ExitAddress 185.140.53.9 2020-10-08 12:42:16 ExitAddress 145.239.92.26 2020-10-08 11:34:41 ExitAddress 185.140.53.5 2020-10-08 09:39:55 ExitAddress 51.195.150.250 2020-10-08 05:42:51 ExitAddress 185.220.102.247 2020-10-08 04:38:46 ExitAddress 51.83.139.56 2020-10-08 02:41:35 ExitAddress 216.239.90.19 2020-10-07 22:10:28 ExitAddress 35.0.127.52 2020-10-07 21:46:15 ExitAddress 185.220.102.241 2020-10-07 20:04:33 ExitAddress 45.154.35.220 2020-10-07 17:28:29 ExitAddress 209.141.39.33 2020-10-07 15:49:11 ExitAddress 185.220.101.10 2020-10-07 12:39:45 ExitAddress 185.220.101.200 2020-10-07 05:12:35 ExitAddress 51.195.149.132 2020-10-06 19:26:01 ExitAddress 45.154.35.212 2020-10-06 18:39:37 ExitAddress 179.43.167.226 2020-10-06 12:55:24 ExitAddress 185.220.102.242 2020-10-06 09:04:52 ExitAddress 162.247.74.201 2020-10-05 11:44:18 ExitAddress 45.154.35.210 2020-10-05 09:59:58 ExitAddress 51.75.144.43 2020-10-05 01:24:36 ExitAddress 185.220.100.250 2020-10-04 12:52:37 ExitAddress 94.142.244.16 2020-10-04 09:26:13 ExitAddress 45.154.35.215 2020-10-04 08:15:17 ExitAddress 185.220.102.243 2020-10-03 20:13:45 ExitAddress 5.79.109.48 2020-10-03 16:56:19 ExitAddress 54.36.108.162 2020-10-02 18:11:45 ExitAddress 209.141.61.129 2020-10-01 21:48:30 ExitAddress 18.27.197.252 2020-10-01 18:26:32 ExitAddress 51.178.43.104 2020-10-01 15:39:56 ExitAddress 185.220.100.252 2020-10-01 07:57:36 ExitAddress 185.220.102.8 2020-10-01 06:29:39 ExitAddress 51.81.83.151 2020-09-30 21:55:17 ExitAddress 185.220.102.253 2020-09-30 17:52:13 ExitAddress 37.120.152.116 2020-09-30 13:25:01 ExitAddress 162.247.74.200 2020-09-30 11:02:05 ExitAddress 185.220.100.241 2020-09-30 10:44:36 ExitAddress 45.129.56.200 2020-09-30 07:52:31 ExitAddress 171.25.193.77 2020-09-29 17:15:03 ExitAddress 185.220.101.205 2020-09-28 22:13:13 ExitAddress 198.251.89.136 2020-09-28 15:27:51 ExitAddress 193.218.118.140 2020-09-28 12:39:45 ExitAddress 185.220.101.199 2020-09-28 05:45:20 ExitAddress 85.248.227.165 2020-09-28 00:42:28 ExitAddress 185.220.101.148 2020-09-27 18:58:16
https://metrics.torproject.org/rs.html#search/185.220. niftybunny, Zwiebelfreunde, Digitalcourage & F3Netze help each other but have their machines in different IX. They don't throw their IPs from the separate ASNs onto one machine. ;-)
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
niftybunny:
Just woke up. So, whats wrong with some of my relays in this list?
some "exit" relay routed its traffic back into tor by using a tor client. That tor client used exit relays - yours were among them.
So nothing wrong on your side.
Torrc allows you to exit from a different IP. I thought it a good idea to stop arbitrary blocking of the advertised Tor exit IP, the captchas and blacklists that tor users suffer. When IPv6 implemented fully we have a wide range of IPs to send from on each server.
Perhaps it is not considered good form to do so as the internet should know who is using Tor.
So what is the problems for TOR security when exits set up to send from a different IP? Is it that we do not know what the second IP is up to in dealing with the IP4 traffic from the exit?
Gerry
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of lists@for-privacy.net Sent: 11 October 2020 23:13 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] BadExit: Rerouting exit relays detected (1) 45.63.11.98
On 11.10.2020 22:41, Roger Dingledine wrote:
Right, in this particular case, we already run a scanner which provides public output: it's the tordnsel scanner, and check out https://check.torproject.org/exit-addresses
Damn it, the boy was hardworking.
ExitNode 385527185E26937D05E0933DD29FF1699056CAF3 Published 2020-10-11 11:54:00 LastStatus 2020-10-11 17:00:00 ExitAddress 185.220.102.252 2020-10-11 17:52:50 ExitAddress 45.154.35.218 2020-10-11 17:13:21 ExitAddress 45.63.11.98 2020-10-11 09:19:06 ExitAddress 51.158.111.157 2020-10-10 23:51:28 ExitAddress 45.154.35.219 2020-10-10 20:14:28 ExitAddress 185.220.101.207 2020-10-10 18:10:02 ExitAddress 185.140.53.7 2020-10-10 15:04:52 ExitAddress 23.129.64.205 2020-10-10 09:14:15 ExitAddress 23.129.64.100 2020-10-10 06:10:30 ExitAddress 185.220.100.240 2020-10-10 03:41:38 ExitAddress 23.129.64.207 2020-10-09 21:04:35 ExitAddress 23.129.64.209 2020-10-09 19:31:42 ExitAddress 23.129.64.212 2020-10-09 15:18:55 ExitAddress 185.107.47.215 2020-10-09 12:02:09 ExitAddress 45.154.35.216 2020-10-09 09:11:20 ExitAddress 162.247.74.7 2020-10-09 08:10:41 ExitAddress 45.154.35.214 2020-10-09 04:27:16 ExitAddress 130.225.244.90 2020-10-09 03:34:52 ExitAddress 46.165.245.154 2020-10-08 22:09:32 ExitAddress 185.220.102.248 2020-10-08 21:13:44 ExitAddress 45.154.35.211 2020-10-08 15:17:28 ExitAddress 45.154.35.213 2020-10-08 14:52:41 ExitAddress 185.140.53.9 2020-10-08 12:42:16 ExitAddress 145.239.92.26 2020-10-08 11:34:41 ExitAddress 185.140.53.5 2020-10-08 09:39:55 ExitAddress 51.195.150.250 2020-10-08 05:42:51 ExitAddress 185.220.102.247 2020-10-08 04:38:46 ExitAddress 51.83.139.56 2020-10-08 02:41:35 ExitAddress 216.239.90.19 2020-10-07 22:10:28 ExitAddress 35.0.127.52 2020-10-07 21:46:15 ExitAddress 185.220.102.241 2020-10-07 20:04:33 ExitAddress 45.154.35.220 2020-10-07 17:28:29 ExitAddress 209.141.39.33 2020-10-07 15:49:11 ExitAddress 185.220.101.10 2020-10-07 12:39:45 ExitAddress 185.220.101.200 2020-10-07 05:12:35 ExitAddress 51.195.149.132 2020-10-06 19:26:01 ExitAddress 45.154.35.212 2020-10-06 18:39:37 ExitAddress 179.43.167.226 2020-10-06 12:55:24 ExitAddress 185.220.102.242 2020-10-06 09:04:52 ExitAddress 162.247.74.201 2020-10-05 11:44:18 ExitAddress 45.154.35.210 2020-10-05 09:59:58 ExitAddress 51.75.144.43 2020-10-05 01:24:36 ExitAddress 185.220.100.250 2020-10-04 12:52:37 ExitAddress 94.142.244.16 2020-10-04 09:26:13 ExitAddress 45.154.35.215 2020-10-04 08:15:17 ExitAddress 185.220.102.243 2020-10-03 20:13:45 ExitAddress 5.79.109.48 2020-10-03 16:56:19 ExitAddress 54.36.108.162 2020-10-02 18:11:45 ExitAddress 209.141.61.129 2020-10-01 21:48:30 ExitAddress 18.27.197.252 2020-10-01 18:26:32 ExitAddress 51.178.43.104 2020-10-01 15:39:56 ExitAddress 185.220.100.252 2020-10-01 07:57:36 ExitAddress 185.220.102.8 2020-10-01 06:29:39 ExitAddress 51.81.83.151 2020-09-30 21:55:17 ExitAddress 185.220.102.253 2020-09-30 17:52:13 ExitAddress 37.120.152.116 2020-09-30 13:25:01 ExitAddress 162.247.74.200 2020-09-30 11:02:05 ExitAddress 185.220.100.241 2020-09-30 10:44:36 ExitAddress 45.129.56.200 2020-09-30 07:52:31 ExitAddress 171.25.193.77 2020-09-29 17:15:03 ExitAddress 185.220.101.205 2020-09-28 22:13:13 ExitAddress 198.251.89.136 2020-09-28 15:27:51 ExitAddress 193.218.118.140 2020-09-28 12:39:45 ExitAddress 185.220.101.199 2020-09-28 05:45:20 ExitAddress 85.248.227.165 2020-09-28 00:42:28 ExitAddress 185.220.101.148 2020-09-27 18:58:16
https://metrics.torproject.org/rs.html#search/185.220. niftybunny, Zwiebelfreunde, Digitalcourage & F3Netze help each other but have their machines in different IX. They don't throw their IPs from the separate ASNs onto one machine. ;-)
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Dr Gerard Bulger:
Torrc allows you to exit from a different IP. I thought it a good idea to stop arbitrary blocking of the advertised Tor exit IP, the captchas and blacklists that tor users suffer. When IPv6 implemented fully we have a wide range of IPs to send from on each server.
Perhaps it is not considered good form to do so as the internet should know who is using Tor.
So what is the problems for TOR security when exits set up to send from a different IP? Is it that we do not know what the second IP is up to in dealing with the IP4 traffic from the exit?
simplified: there can be two reasons for inbound (OR) IP != exit IP:
a) the exit used https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressE... or some form of NAT
b) the exit relay uses an tor client to route its traffic back into tor
This exit was doing (b), I think you are referring to (a) which is perfectly fine.
On 12.10.2020 15:05, Dr Gerard Bulger wrote:
Torrc allows you to exit from a different IP. I thought it a good idea to stop arbitrary blocking of the advertised Tor exit IP, the captchas and blacklists that tor users suffer. When IPv6 implemented fully we have a wide range of IPs to send from on each server.
Yes. but always think of prefix/subnet with IPv6. 1 IPv4 = IPv6/64 prefix
I am afraid different IPs from a /64 prefix won't do anything, mostly. Adversatories will block /48 or 56/ or /64 prefixes.
I am losing patience with the "let's play nice and let exit IP addresses be predictable" model...
I'd like to see:
add support for multiple OutboundBindAddressExit IP(ranges) https://gitlab.torproject.org/tpo/core/tor/-/issues/26646
(the time based approached mentioned towards the end)
tor-relays@lists.torproject.org
-
Dr Gerard Bulger -
lists@for-privacy.net -
Mike Perry -
niftybunny -
nusenu -
Roger Dingledine