Is "gatereloaded" a Bad Exit?
Jan Weiher
jan at buksy.de
Sat Jan 29 19:40:45 UTC 2011
Am 29.01.2011 20:13, schrieb Jon:
> On Sat, Jan 29, 2011 at 12:46 PM, Jan Weiher <jan at buksy.de> wrote:
>> Hi,
>>
>> while scrolling through the tor status page (torstatus.blutmagie.de), I
>> stumpled upon the following node (the reason why it came to my eye was
>> the long uptime):
>>
>> gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92
>>
>> This node looks suspicious to me, because there is no contact info given
>> and the exit policy allows only unencrypted traffic:
>>
>> reject 0.0.0.0/8:*
>> reject 169.254.0.0/16:*
>> reject 127.0.0.0/8:*
>> reject 192.168.0.0/16:*
>> reject 10.0.0.0/8:*
>> reject 172.16.0.0/12:*
>> reject 194.154.227.109:*
>> accept *:21
>> accept *:80
>> accept *:110
>> accept *:143
>> reject *:*
>>
>> Am I missing something? I'm wondering why the status page lists this
>> node as non-exit, because it clearly allows outgoing traffic on ports
>> 21,80,110 and 143?
>> I'm aware of the fact that it is not recommended to use tor without
>> additional encryption, but some users do. And I dont see any reason for
>> only allowing unencrypted traffic than snooping?
>> Can anyone clearify this? If the admin of this node is on the list,
>> would he please explain this situation?
>>
>> best regards,
>> Jan
>
>
> It may possible be a middle node instead of an exit node.
>
As far as I understand the ExitPolicy, the first matching rule applies.
Which means, that this is an Exit Node, at least for ports 21,80,110 and
143 to IP adresses that do not match the reject rules above the
corresponding accept rules. Anyone is free to correct me if I'm wrong,
but a middle node has only _one_ ExitPolicy which is "reject *:*".
best regards,
Jan
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list