Excludenodes not considered?

Scott Bennett bennett at cs.niu.edu
Sun Feb 15 20:56:41 UTC 2009


     On Sun, 15 Feb 2009 10:54:56 -0500 Nick Mathewson <nickm at torproject.org>
wrote:
>On Sun, Feb 15, 2009 at 08:12:44AM -0500, force44 at Safe-mail.net wrote:
>> I have in my torrc file this line:
>> 
>> ExcludeNodes {de},xxx,yyy
>> 
>> Despite the German nodes should not be used, some circuits use some of them, right now for example 
>> 
>> LavendarMan (Online)
>> Location: Worms, DE
>> IP Address: 89.12.25.230
>> 
>> and
>> 
>> susebib (Online)
>> Location: DE
>> IP Address: 90.135.0.47
>> 
>> The first one is in Germany according to a whois, the second one in fact seems to be in Sweden.
>> 
>> So if the second could be used, why is the first used?
>
>1) Whois is not a good way to find out where a computer actually is.
>   Whois tells you about where the DNS name is registered, not where the
>   computer is physically located.  GeoIP is a better bet.

     A minor correction here:  whois works just fine for that purpose,
provided it is given an IP address, not a domain or host+domain name.
When you ask it about an IP address, it typically gives information
about the assignee(s) and about *all* of the address spaces allocated
to the same assignee(s), which can sometimes be a nuisance.
     BTW, in counting exits by port number, I typically see that the
most heavily used service is port 43, the "whois" port.  (I allow only
a few IP addresses on port 80, so it doesn't count.)  The second most
frequently used port is 443 ("https"), which I had expected to be in
first place, not second.  If anyone has ideas why exits to port 43 are
roughly twice as frequent as exits to 443, I'd be interested.
>
>   (FWIW, both of those addresses seem to be in Germany according to
>   GeoIP too.  But I just wanted to mention that whois is a poor
>   choice here.)
>
>2) What version of Tor are you running?  You didn't say.
>
>3) Tor needs a geoip file to have country detection work.  Yours was
>   installed, right?

     That might be the OP's problem.  I know that on my FreeBSD 6.3
system, tor has never admitted to finding the file, even though it is
installed *and* I added at least one other link in a location where I
hoped tor might see it.  FWIW, I'm running 0.2.1.12-alpha.  However,
this version and 0.2.1.7-alpha, which was the last version I used,
do not issue the complaint that the file is missing upon startup, so
maybe the recent versions are indeed finding the file and just not
commenting on the matter.  If tor is finding the file now, I still
don't know whether it's finding the file in the installed location or
via an extra link that I made.  In any case, it doesn't seem to be an
impediment to tor functioning in any other respect, so I haven't really
worried about it much.
>
>4) For some features, like hidden services, Tor needs to use
>   particular nodes, since those were chosen by the service provider
>   as introduction points, or they wound up as HS directories.  Do you
>   know if you were you contacting or publishing a hidden service at
>   the time?
>
>5) Do you know what position in your circuit these nodes occupied?
>
>6) Did you get an INFO log by any chance?  (Please don't post it to
>   the list if it's huge.)


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list