[tor-dev] exit-node block bypassing
infinity0 at gmx.com
Tue Dec 31 11:49:03 UTC 2013
On 31/12/13 12:35, Jeroen Massar wrote:
> On 2013-12-31 12:07, Ximin Luo wrote:
>> Hey all,
>> Flashproxy helps to bypass entry-node blocks. But we could apply
>> the general idea to exit-nodes as well - have the exit-node connect
>> to the destination via an ephemeral proxy.
> If an exit node is blocked towards a certain site, that exit node should
> define a policy stating that it is blocked by that destination.
> (DirAuths could maybe be made to add extra details like that?)
> If an exit node is useless it is a bad exit and should not be used at
> all, that is, shutdown.
This is an unrelated topic from my original post. I am asking whether trying to implement an anti-exit-node-blocking-system would be A Good Thing To Do.
> For your 'flashproxy' case, it would just mean 'moving' the exit node to
> the new exit IP btw. You would thus only be shifting the problem.
Those new IPs are ephemeral and unpredictable, therefore not feasible to block. See the flashproxy page on how it works; a few tweaks are needed to make it work for exits, but it's fairly straightforward to do so.
But this is also an unrelated topic. I am less interested in getting it to technically work (because I am convinced it *will* work), but rather on whether it is a good idea or not.
More information about the tor-dev