[tor-talk] Blocking Shadowserver honeypots

Damian Johnson atagar1 at gmail.com
Sat Mar 19 18:24:10 UTC 2011


> Would it make me a Bad Exit if I would block these hosts with iptables
> instead?

That would be up to the authority operators, but probably not. If you
have contact info set on the relay then we'd ask what's up before
setting the BadExit flag.

Blocking destinations via iptables is definitely less desirable than
doing it via the exit policy since the former doesn't inform Tor
clients that you're unwilling to handle the traffic (the connections
simply fail). That said, if you both included the current honeypots
in your exit policy *and* an iptables rule to cover any future
sinkhole IPs I'd highly doubt anyone would mind (just please be sure
to have the contact info set in case there's concern).

Cheers! -Damian
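
Added example (not part of the message above and not Tor project code): one way to keep the exit policy and the iptables backstop generated from the same list, so the two never drift apart. The addresses are constructed documentation-range placeholders and the existing policy is a hypothetical one; the post does not list the real sinkhole IPs. IPv4 only.

```python
import ipaddress

# Constructed sample data: documentation-range addresses stand in for the
# sinkhole IPs, which the message does not list.
SINKHOLES = ["192.0.2.10", "192.0.2.11", "198.51.100.0/28", "192.0.2.10"]

# Hypothetical existing policy of the relay (assumption for this example).
EXISTING_POLICY = [
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
]


def normalize(entries):
    """Validate IPv4 entries, drop duplicates, merge adjacent ranges."""
    nets = [ipaddress.IPv4Network(e, strict=True) for e in entries]
    return list(ipaddress.collapse_addresses(nets))


def torrc_lines(entries, existing=EXISTING_POLICY):
    """Exit policy lines for torrc.

    Exit policies are first-match-wins, so the rejects are placed ahead of
    the existing accept lines. This is the part Tor clients are told about.
    """
    rejects = [f"ExitPolicy reject {net}:*" for net in normalize(entries)]
    return rejects + list(existing)


def iptables_rules(entries):
    """Firewall backstop: invisible to Tor clients, connections simply fail."""
    return [f"iptables -A OUTPUT -d {net} -j REJECT" for net in normalize(entries)]


if __name__ == "__main__":
    print("\n".join(torrc_lines(SINKHOLES)))
    print("\n".join(iptables_rules(SINKHOLES)))
```

Addresses that later appear only in the firewall list are the "future sinkhole IPs" case from the message; adding them to the shared list moves them into the exit policy on the next regeneration.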
