How to ban bad tor node which would redirect http request to a certain ip tracker?
Roger Dingledine
arma at mit.edu
Sat Nov 17 10:42:32 UTC 2007
On Sat, Nov 17, 2007 at 02:29:09AM -0800, s s wrote:
> I recently found some "bad" tor node would redirect http request to a
> pre-configured address such as
> http://218.86.119.72/req.php?str1=xxx&&str2=url
> where xxx is a 18 digit number contain a Unix time stamp and url is
> the original url requested.
> then the host 218.86.119.72 will send back a cookie which named
> 'UniProclove' whose content is also a 18 digit number.
>
> Is it possible to configure tor to isolate such a "bad" tor node?
> or is it possible to configure tor to refuse to connect/relay to
> certain ip addresses?
Yes, you can exclude the node by nickname (or better, by key fingerprint)
by adding an "ExcludeNodes" line to your torrc file. See the man page
for details.
But even better, if you tell us which node it is, we'll a) try to contact
the operator to get him to fix it, as it's quite likely to be an innocent
misconfiguration, and b) blacklist it from the directory consensus in
the meantime, so other users won't stumble into it.
(I've been meaning for a while to come up with some mechanism for users to
report problems they see, while we wait for Mike Perry to get his TorFlow
application more automated. But there are enough false positives that I
don't think we should just say "mail tor-volunteers". I'm not sure what
the best plan should be.)
Thanks!
--Roger
More information about the tor-talk
mailing list