[tor-talk] Cloak Tor Router
coderman at gmail.com
Thu Nov 6 13:41:09 UTC 2014
On 11/4/14, Lars Boegild Thomsen <lth at reclaim-your-privacy.com> wrote:
> I will definitely look into this one. This should be quite easy to
> implement by messing a bit with the firewall tables :)
> Only problem I see is that to make it useful I think it would have to time
> out at some point.
in the past i have used OUI prefix lists to avoid known bad behavior.
(this doesn't work if a device is spoofing MAC of course, but in that
case they are probably savvy :)
a few hundred prefixes to opt-in safe (captive unless masked avoid),
half that to fail open on occasion (default no captive unless known usable)
> Number of wireless networks are not an issue so I _am_ beginning to think
> that more than two is necessary. For example:
> 1. Open - Open network - no Tor
> 2. Transparent proxy - all tcp traffic allowed - forced through Tor -
> everything on separate circuits - captive warning
> 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who
> know what they are doing)
> 4. Isolating proxy - only https allowed - forced through Tor - everything on
> separate circuits and everything else blocked
the timeout behavior, perhaps you could detect "brain-dead re-attempt
repeat" behavior for this duration, and then let through instead.
this came up in past discussions about a device that is simply
connected but idle, not yet seen by human. and a device that is
headless dumb, like your media player.
more feedback when i have time.
thanks again for the open discussion!
More information about the tor-talk