[tor-talk] Making TOR exit-node IP address configurable
Robert Ransom
rransom.8774 at gmail.com
Wed Mar 9 22:20:32 UTC 2011
On Wed, 09 Mar 2011 19:23:15 +0100
"Fabio Pietrosanti (naif)" <lists at infosecurity.ch> wrote:
> i've been thinking and playing a lot about the various possible risk
> mitigation scenarios for TOR exit node maintainer.
>
> Now i need to be able to pass all web traffic trough a transparent proxy
> in order to implement some kind of filters to prevent specific
> web-attacks, web-bruteforce, etc, etc
>
> One very interesting feature that's now missing from TOR and that would
> need to implement such kind of proxying is to be able to bind the
> TOR-exit traffic to a specific IP address.
> That way would be possible to "mark" with iptables the TOR exit traffic
> and just mangle this.
>
> That kind of added feature would also allow a TOR exit node to re-route
> the TOR exit traffic go away trough multiple interface in round-robin
> for example, for multi-homed TOR routers.
>
> Sounds to me like a small patch, but frankly speaking i'm not a c-coder.
> Some volunteer?
Try running "man tor |grep -C5 OutboundBindAddress".
But I'm not surprised that someone who wants to perform content
censorship on a Tor exit node is too clueless to find that Tor
configuration option, or to find out that iptables can apply different
rules to the user ID under which Tor is running.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110309/b10a18ee/attachment.pgp>
More information about the tor-talk
mailing list