[tor-bugs] #1751 [Tor Relay]: Project: Make it harder to use exits as one-hop proxies

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Sep 19 21:33:38 UTC 2010 

#1751: Project: Make it harder to use exits as one-hop proxies
-----------------------+----------------------------------------------------
 Reporter:  nickm      |       Owner:                     
     Type:  task       |      Status:  needs_review       
 Priority:  normal     |   Milestone:  Deliverable-Sep2010
Component:  Tor Relay  |     Version:                     
 Keywords:             |      Parent:                     
-----------------------+----------------------------------------------------

Comment(by arma):

 So here's the next question to ponder. Once upon a time, we added a
 feature where if a relay refuses to exit to an address that we think his
 exit policy supports, we call
 policies_set_router_exitpolicy_to_reject_all() which sets our view of his
 exit policy to reject *:*.

 That was back when we got a new directory a couple of times an hour. So it
 was a temporary mod, to avoid using that relay until it's overwritten on
 our next directory update.

 Then we made it so we only fetch new relay descriptors every 18 hours or
 so. And we kept the same hack.

 So if an exit refuses you, you avoid him until you get a new descriptor --
 on average 9 hours from now. So if we have a really high false positive
 rate on refuseunknownexits, clients could end up avoiding a large fraction
 of the network -- or even in extreme cases all of the network. Is "until
 we get a new descriptor" too long to wait?

 We could send back some other end reason -- any of the ones listed in
 edge_reason_is_retriable(). That would send the user to some other circuit
 without marking that exit as a non-exit for hours afterward.

 My main reason for picking reason exitpolicy here was if an exit relay for
 some reason has a higher false positive rate than the average exit relay.
 Then clients would avoid it more thoroughly.

 Hm.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1751#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list