TOR on Academic networks (problem)
or at inbox.org
Wed May 17 01:13:11 UTC 2006
On 5/16/06, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> Since we can't put thousands of lines in the exit policy without causing
> a cascading problem, what about null-routing them .. either by putting
> entries in /etc/hosts that will be denied by the exit policy (thus
> causing the client to pick another exit -- but not preventing access
> directly by IP address), or the more secure, but more problematic,
> blocking by changing the kernel routing tables to send those networks
> into a blackhole on the TOR router.
What'd be preferable to both of those, but even harder to implement,
would be to route that traffic (or even all traffic) through a
transparent proxy with an IP outside the /16.
'Course if you're going to do that, you might as well just be a middleman node.