[tor-relays] How to detect Tor exit IP addresses (was Re: [SOLVED] published descriptor missing from consensus)
Roger Dingledine
arma at mit.edu
Thu Jun 8 23:06:57 UTC 2017
On Thu, Jun 08, 2017 at 05:30:37PM -0500, Scott Bennett wrote:
> Consider another case. Users have often complained that running a tor
> relay results in their IP addresses being blocked by all manner of services
> around the Internet. The providers of those services say they have suffered
> attacks originating from tor relays. The project's response was to create
> an automatically, frequently updated list of IP addresses of exit relays and
> make that list available for download by anyone wishing to block traffic from
> tor exits, while allowing traffic from all other relays. That list of
> addresses suffers the same problem of not including alternative IP addresses
> for those relays. Even worse, troublesome connections from those alternative
> addresses *can* be traced back, in some cases, to the exit relay. Once those
> services have identified the offending traffic as coming from a machine they
> had been promised by the tor project would be in the downloadable list of
> exit relay addresses, they may decide that they had been deceived by the tor
> project, which could lead to many bad things in the future.
I think we might have to agree to disagree about a lot of these topics,
but I wanted to correct this one.
The bulk exit list:
https://check.torproject.org/cgi-bin/TorBulkExitList.py
along with TorDNSEL is designed to handle exactly this situation, and
it does it pretty well.
--Roger
More information about the tor-relays
mailing list