[tor-relays] Filtering TOR Non-exit Relay - Just Curious

Konrad Neitzel konrad at neitzel.de
Mon Oct 28 06:03:31 UTC 2013


Hi!

Maybe I am not such a big expert but this is a good chance for me to
expose my understanding so others could correct me if I am wrong.

On Sun, 2013-10-27 at 17:27 -0700, Nelson wrote:

> Again, I tested this and with PeerBlock I can actually block known IPs
> of the nodes you mention (not something TOR is intended for, or I want
> to do or need to do), and for all intents and purposes if "my
> organization" had sufficient resources, knowing that we could actually
> create blocklists to prevent traffic coming to and from unwanted middle
> and exit nodes, then will be in effect "shaping traffic flow"?
> Considering of course "we" had "several" relays ourselves?

I understood that you want to simply block other tor servers so only (or
mostly) your tor servers will be allowed.

From my understanding you cannot attack tor that way:

a) You need to get client connections. But with such a configuration
other tor servers cannot connect to you, and one part of the process is
that other servers connect to your server to measure the speed.

b) A client tries to build a circuit. From my understanding, the client
is choosing the servers to use. So even if a client connects to your
server then the creation of the circuit will fail and the client will
build up some other circuit instead.

But as I tried to say before: I am not an expert so far. It is just
my understanding which could be completely wrong.

With kind regards,

Konrad

-- 
Konrad Neitzel <konrad at neitzel.de>