[tor-relays] Simplifying ExoneraTor

Karsten Loesing karsten at torproject.org
Tue Jul 7 06:48:00 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/07/15 03:45, teor wrote:
> 
>> On 7 Jul 2015, at 09:46 , josh at tucker.wales wrote:
>> 
>>> From the perspective of someone investigating abuse, I think
>>> it's important that 'not an exit relay' means 'not capable of
>>> exiting on any port at all'. Ergo I think your option c) is the
>>> way to go.
>> 
>> I also think this (c) is the best option. I agree that it's
>> important to be able to determine, from an investigatory
>> perspective, whether or not a relay was capable of exiting on any
>> port.

Okay, let's do c).

> And, if we are going to implement "Exit" as any port, it should
> also be *any* IP, not just an IPv4 /8 as in the Ext flag
> definition.

The issue of such a definition would be that we couldn't rely on
what's written in the network status consensus, but we'd have to parse
server descriptors.  If possible, I'd only want to use what's in the
consensus for ExoneraTor's Exit column.  Here's the information we can
learn from the consensus:

r TorLand1 4ekiogr2CHKIJKYgutxu/Iy4wrg ZzWUBT9yjZyg/SBXixf0Ll9VlZk
2015-07-06 19:13:14 37.130.227.133 443 80
a [2a02:2498:e001:3c::133]:443
s Exit Fast Guard HSDir Running Stable V2Dir Valid
v Tor 0.2.6.7
w Bandwidth=166000
p accept
20,23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,12350,19294,19638,23456,33033,64738

For c), we'd just check if there's a "p reject 1-65535" line or not.

Here's the updated design mockup:

https://people.torproject.org/~karsten/volatile/exonerator-mockup/

Thanks, everyone, for the very useful feedback so far!

All the best,
Karsten

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJVm3YfAAoJEJD5dJfVqbCr9cgH/iBRWNAFA0TJhNBrJa5TtOXD
b0F9DmwMbdiDixCkwpBfk+8Dik7HljPXY35fM3zZsmreG4ygoDSwc2enpTMhlYSw
lqt4r1KBj5VG8L8sAg3F4EIRseho7wC3BP1eZEwj0oVtjmzTIQPBafDD7EoBszJT
UKw3wiBx9wV73StJGTCbhqRl7NbeEe30pJ5IN9t1QrYDoeGCOCS0Wt8wPuhGh2Pn
TKv1OEUrxA89j1l8/QN2MvQkiqWhgiaHNVp6Iom/cpZdTnYUI4EGLsKmedLy+Q1b
qnnVouatFTyzdYVq7ZQjky9nr9YaTF6HdeHewi50EV9tVVJ7jo01zn2w74fOl3M=
=Lklj
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list