[tor-talk] Bad Exit Node Control

Damian Johnson atagar at torproject.org
Sat Mar 30 04:48:04 UTC 2013


Roc Admin, glad you're interested in bad relay detection!

> I'm working on an updated version of SnakesOnATor (SOAT) that was used
> to monitor the Tor network for bad exit nodes.

Does this mean that you're planning to expand the SoaT codebase? Write
a revised version? If the project is going to be revived then it would
make sense for it to take advantage of one of our newer controller
libraries...

stem (threaded, similar to TorCtl) - https://stem.torproject.org/
txtorcon (twisted) - https://txtorcon.readthedocs.org/

> Namely, that there is no official
> mechanism to kick off a bad exit. If I understand correctly, this was
> a manual process in the past that entailed emailing the op and
> eventually kicking them off?

Correct. Three of the directory authorities vote on the BadExit flag
which, when set, causes Tor clients to avoid using that relay as an
exit. There are also a couple other methods (invalid and reject) for
removing a relay, for a little more on this see...

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

There are a couple troubles though with the present relay flagging strategy...

1. We don't have anyone actively monitoring for bad relays or
maintaining SoaT (or projects like it).

2. Even when a bad exit *is* reported our process for flagging it is
pretty well broken. To be flagged at least two of the three authority
operators that vote on the BadExit flag need to take manual action.
All three operators are highly busy people so in practice relays don't
get flagged without considerable nagging.

We are certainly interested in improvements on both counts, it just
takes someone wanting to lead the space.

Cheers! -Damian


More information about the tor-talk mailing list