[tor-talk] Blocking Tor - solutions?

[Andrew Lewman]

On Wed, 15 Feb 2012 18:17:34 +0100
Matej Kovacic <matej.kovacic at owca.info> wrote:
> what are the solutions if someone is downloading list of IP addresses
> of Tor exit points and block access to his website from this IP
> addreses?

There is no easy, nor good solution right now. A solution that exists is
to run an unpublished exit relay. You then change the tor client to
allow .exit notation and use your private exit relay. I have heard of
some orgs that do this and share their exit relay with their
membership.  

They use the normal tor network for everything they can, and then
switch to the private-relay.exit notation when needed. If the exit relay
is discovered (whether through cracking, law enforcement collection,
etc), then it could be much easier to map out who used it. It also may
increase liability because the exit relay operator cannot use the easy
explanation of "it was a public tor exit relay, therefore not my
traffic".

The private exit relay still doesn't know where the client is in the
world, but not what the client is doing if using ssl and the like. The
org would possibly know what set of humans have access to it.

This is in no way condoning this option, but I'm continually surprised
at the creativity involved by others in using tor.

-- 
Andrew
http://tpo.is/contact
pgp 0x74ED336B