[tor-relays] BadExit: Rerouting exit relays detected (1) 45.63.11.98
Mike Perry
mikeperry at torproject.org
Sun Oct 11 18:39:17 UTC 2020
On 10/11/20 1:17 PM, nusenu wrote:
>> I am losing patience with the "let's play nice and let exit IP addresses
>> be predictable" model... We are not being treated well by the banhammer
>> brigade, and it might be time to flip some tables. I would not call
>> simply using a different exit IP than your relay's OR port a bad exit.
>
> I'm not calling exit relays using distinct IPs or inbound (OR) and outbound
> connections "BadExits" either, quite the opposite, all exits should be using
> https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressExit
> if they have spare IPs.
> That is why I implemented and automated that configuration in relayor.
Ok that sounds reasonable. Thanks!
> I believe I can tell rerouting exits from exits having distinct IPs for
> inbound and outbound connections - in most cases.
Are your scanners available for others to run? I understand that it is a
risk that making them public may allow bad exits to avoid them, but is
it ok if other specific people use and adapt the scanners?
>> Remember that our directory authorities are deliberately independent
>> from TPI though, and even what I think is not necessarily what TPI
>> thinks. The dirauths may have different opinions. Coordinating policy of
>> this nature is difficult and requires consensus building.
>
> Since dir auths have been removing these kinds of relays, I don't think there
> is any policy change necessary.
Ok great! Sometimes I am surprised by their decisions, and I didn't see
this one.
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20201011/aa416d95/attachment.sig>
More information about the tor-relays
mailing list