[tor-relays] Tor non-exit list

Chris Enkidu-6 tor at wcbsecurity.com
Sat Jun 22 10:32:10 UTC 2024


Hi Carsten,

Although I understand why you're directing your comments to Dan, because
his site is popular, you should note that even if he decides to take
that list down, his site is not the only way for people to get their
hands on the list. In fact, anyone with basic know-how can extract them
from Tor metrics:

https://onionoo.torproject.org/details?type=relay&running=true

I've been generating [the same list and more in my
repository](https://github.com/Enkidu-6/tor-relay-lists?tab=readme-ov-file#tor-relay-lists)
for probably a couple of years now. Anyone who's using my [tor ddos
Mitigation iptables rules](https://github.com/Enkidu-6/tor-ddos)
knowingly or not, is using that list.

My point is that as long as the information is a matter of public
records and accessible freely on Tor metrics, you can't stop Admins from
using it. So any objections to the list should be pointed at Tor
organization as a whole for making it publicly available. And by the
way, not making it public will create a whole lot of other challenges.

Cheers.


On 6/19/2024 3:37 AM, Carsten Otto wrote:
> Hi Dan,
>
> For reference:
> https://www.dan.me.uk/dnsbl
> https://www.dan.me.uk/tornodes
> https://www.dan.me.uk/torlist/?full
>
> First of all, thank you for your tools and other contributions. The mere
> fact that your DNS blocklists are used by countless vendors should be a
> compliment in itself, and I'd be happy to have that much impact with my
> own projects.
>
> As you already state on your own site ("Please think carefully
> before choosing to use this list for blocking purposes"), your non-exit
> Tor relay list is a bit unusual. I'm running ftp.halifax.rwth-aachen.de,
> a major file mirror serving around 30 TByte of data at around 4 GBit/sec
> (on average). Recently, we added Tor relays on the same IP address, and
> your list correctly picked this up (137.226.34.46).
>
> Now, I'm writing as this caused quite a lot of mayhem. Several
> "security" appliance vendors didn't "think carefully" before adding your
> non-exit list to their devices. Among those are Arbor Prevail, Check
> Point, Ubiquiti (UniFi) - feel free to search for
>
>   "ET TOR Known Tor Relay/Router (Not Exit) Node"
>
> to see the effect of this. In addition to private users making use of
> such devices, several banks/corporations/institutions started blocking
> our IP address, causing some frustration with us and their admins, as
> their Linux/Jenkins/... updates suddenly stopped working. As you might
> have guessed, changing "security" configurations (even if they may be
> wrong or questionable) is quite a challenge, and in some cases the
> (motivated) admins weren't able to fix this issue on their end.
>
> As you seem to be well aware of what Tor is, what an exit relay does and
> what a non-exit relay does, would you be willing to retire the non-exit
> blocklist (at least the part that can be used for automated blocks)? I'd
> argue that the current setup does more harm than good (assuming you
> agree that Tor is a good thing in general). I'd be happy to discuss pros
> and cons, but ultimately that's your decision to make.
>
> Thanks
> Carsten
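The Onionoo details document Chris points at, and the exit/non-exit distinction Carsten's mail turns on, as an added example that is not part of either message or of the linked repositories: it separates running relays into exit and non-exit addresses and checks a candidate blocklist for non-exit entries. The sample document is constructed; the `or_addresses`, `exit_addresses`, `flags` and `running` fields follow Onionoo's real format.

```python
import ipaddress
import json

# Constructed sample shaped like an Onionoo details document (only the fields read
# below). Live data: https://onionoo.torproject.org/details?type=relay&running=true
SAMPLE_DETAILS = json.dumps({"relays": [
    {"nickname": "mirrorRelay", "running": True,
     "flags": ["Fast", "Guard", "Running", "Stable", "Valid"],
     "or_addresses": ["192.0.2.10:9001", "[2001:db8::10]:9001"]},
    {"nickname": "someExit", "running": True,
     "flags": ["Exit", "Fast", "Running", "Valid"],
     "or_addresses": ["198.51.100.7:443"], "exit_addresses": ["198.51.100.8"]},
    {"nickname": "offlineRelay", "running": False, "flags": ["Valid"],
     "or_addresses": ["203.0.113.5:9001"]},
]})


def or_address_ip(or_address):
    """Strip the port from an or_address such as '1.2.3.4:9001' or
    '[2001:db8::1]:9001' and return the bare, normalised IP."""
    host = or_address.rpartition(":")[0]
    return str(ipaddress.ip_address(host.strip("[]")))


def split_relays(details_json):
    """Return (exit_ips, non_exit_ips) for the running relays in a details
    document. 'Exit'-flagged relays are exits (their exit_addresses count
    too); every other relay is a non-exit that never originates traffic to
    the internet, so blocking it only hits what else the operator hosts."""
    exits, non_exits = set(), set()
    for relay in json.loads(details_json)["relays"]:
        if not relay.get("running", False):
            continue  # skip relays Onionoo no longer sees as running
        ips = {or_address_ip(a) for a in relay.get("or_addresses", [])}
        if "Exit" in relay.get("flags", []):
            exits.update(ips, relay.get("exit_addresses", []))
        else:
            non_exits.update(ips)
    return exits, non_exits


def non_exit_entries(blocklist, details_json):
    """Sanity check for a blocklist: return the entries that are non-exit
    relay addresses and therefore should not be on it."""
    return sorted(set(blocklist) & split_relays(details_json)[1])


if __name__ == "__main__":
    exits, non_exits = split_relays(SAMPLE_DETAILS)
    print(sorted(exits), sorted(non_exits), non_exit_entries(exits | non_exits, SAMPLE_DETAILS))
```

Run against the live document, `non_exit_entries` tells an operator whether a list they are about to feed into a firewall contains relays like the mirror's, which the thread describes being blocked by mistake.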

