Is this a Tor exit node connecting to me?
Matt Ghali
matt at snark.net
Sun Mar 25 19:22:12 UTC 2007
On Sun, 25 Mar 2007, Joseph B. Kowalski wrote:
> On Sun, 25 Mar 2007 03:20:10 -0700 Pei Hanru <peihanru at gmail.com>
> wrote:
>> A small issue. When I query the DNSBL server for my slow,
>> middleman only
>> (reject *:*) server, it returns 127.0.0.2. Is it a good idea to
>> include
>> non-exit Tor servers in this list?
>>
>
> Yes, since when you are performing the first type of query, you are
> simply asking whether an IP address is an active Tor server or not,
> of any kind. Now, if anyone wanted to see if your Tor server would
> exit to their location or not, they could perform the second type
> of query (See my original post for details on the two query types,
> if necessary), which, in your case, would always return NXDOMAIN
> since you don't allow any exiting.
Please consider returning a different A record for the first query
type to allow differentiation between exit nodes and middlemen.
Returning 127.0.0.2 for exit nodes and 127.0.0.3 for middleman nodes
will allow sendmail dnsbl configurations to easily do the 'right'
thing.
thanks!
matto
--matt at snark.net------------------------------------------<darwin><
Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan
More information about the tor-talk
mailing list