TOR Blocked at Universities
Roger Dingledine
arma at mit.edu
Thu Feb 11 23:58:20 UTC 2010
On Thu, Feb 11, 2010 at 04:20:49PM -0500, Flamsmark wrote:
> On 11 February 2010 16:17, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> > Let's not debate the stupidity of authenticating a network by IP address
> > .. but the above problem is ultimately what forced us to do the same
> > thing (although we just prohibit the operation of an exit). I should
> > note that the original effort to run an exit was conducted by myself,
> > and I do network security here .. but it was the complaints from the
> > library folks that got us into hot water .. there simply wasn't an easy
> > way to block access to all of them without an overly-complex exit
> > policy, and all of our IP space is within a single /16.
>
> Why couldn't your exit policy just block the IPs of the journal sites?
Or more generally, just block *:80?
It's not the best answer I could hope for, but it's sure better than
not being an exit relay at all.
A more general approach would be to get a DMZ address, meaning somewhere
in your university address space that hasn't been whitelisted by the
libraries. That concept might not exist at your university though --
yet :).
--Roger
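
The two exit-policy options raised in this thread (rejecting the journal sites' addresses, or rejecting *:80), as an added example that is not part of the original message: a small evaluator for Tor-style first-match ExitPolicy rules. The journal networks and probe destinations are constructed documentation-range values, and refusing when no rule matches is a choice made in this sketch.

```python
import ipaddress

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' (IPv4, '*' wildcards)."""
    action, pattern = line.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {line!r}")
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        first, _, last = port.partition("-")
        lo, hi = int(first), int(last or first)
    return action, net, lo, hi

def exit_allowed(policy, ip, port):
    """Rules are checked in order and the first match decides."""
    dest = ipaddress.ip_address(ip)
    for action, net, lo, hi in map(parse_rule, policy):
        if (net is None or dest in net) and lo <= port <= hi:
            return action == "accept"
    return False  # sketch's choice: refuse when no rule matches

def still_exits(policy, probes):
    """Return the probe destinations this policy would let out."""
    return [(ip, port) for ip, port in probes if exit_allowed(policy, ip, port)]

# Option 1: reject the journal sites' networks (constructed addresses).
PER_SITE = [
    "reject 192.0.2.0/24:*",
    "reject 198.51.100.0/24:*",
    "accept *:*",
]
# Option 2: reject all port-80 traffic, whatever the destination.
NO_WEB = ["reject *:80", "accept *:*"]

# Constructed probes: a listed journal site, a journal site missing
# from the list, and a non-web destination.
PROBES = [("192.0.2.10", 80), ("203.0.113.5", 80), ("203.0.113.5", 22)]

if __name__ == "__main__":
    print("per-site list lets out:", still_exits(PER_SITE, PROBES))
    print("reject *:80 lets out:  ", still_exits(NO_WEB, PROBES))
```

The per-site list only covers addresses someone has enumerated, so the unlisted site on port 80 still exits; the port rule needs no list but gives up all port-80 exiting.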