[tor-relays] circuits that fail the exit policy repeatedly

Scott Bennett bennett at cs.niu.edu
Sun Apr 3 10:59:47 UTC 2011


     Upon occasion, I see very long sequences of info-level log messages to
the effect that an exit stream has failed the exit policy.  Is there any good
reason why a relay should not return a DESTROY cell on a circuit whose exit
connection attempts have failed the exit policy some threshold number of
times?  After all, the exit policy is published information.  Anyone making
repeated attempts to violate it is either doing so in ignorance of a recent
change to the exit policy, perhaps not yet propagated to the client causing
the problem, or is doing so as some sort of cracking attempt.  It seems to
me that killing a circuit in this situation is appropriate to minimize waste
of tor network resources.
     Any thoughts on this?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

