Re: [tor-dev] Detecting multi-homed exit relays (was: Onion auto-redirects using Alt-Svc HTTP header)

2017-11-18 Thread grarpamp 
>> Detecting exit nodes is error prone, as you point out. Some exit nodes
>> have their traffic exit a different address than their listening
>> port. Hey does Exonerator handle these?
>
> Right.  It's not trivial for tor to figure out what exit relays are
> multi-homed -- at least not without actually establishing circuits and
> fetching content over each exit relay.
>
> I just finished an exitmap scan and found 17
> exit relays that exit from
> an IP address that is different from what's listed in the consensus:

This mode of operation, regardless of how it happens, is not in
itself a problem, nor cause for alarm. In fact, the nature of these
"exit IP different than ORPort" relays can and often does assist
users in circumventing censorship... a fundamental use case of Tor.
For instance, the arbitrary automated and blind blocking via dumb
blocklists that prevent even such most basic user activity and human
right to knowledge as simply reading websites via Tor. Such blocking
examples can often be found here:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor

It's also entirely up to the exit operator to determine if the
third party non contractual / SLA exonerator service is of any
particular use or benefit to them or not... perhaps they have other
notary means, or are immune or not subject to any such legal or
jurisdictional issues, for which it becomes moot.

Similarly, realtime TorDNSEL and the like could be considered
to be censorship enabling tools.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] Detecting multi-homed exit relays (was: Onion auto-redirects using Alt-Svc HTTP header)

2017-11-15 Thread Philipp Winter 
On Wed, Nov 15, 2017 at 10:03:39AM -0600, Tom Ritter wrote:
> Detecting exit nodes is error prone, as you point out. Some exit nodes
> have their traffic exit a different address than their listening
> port.[1]

Right.  It's not trivial for tor to figure out what exit relays are
multi-homed -- at least not without actually establishing circuits and
fetching content over each exit relay.

I just finished an exitmap scan and found 17 exit relays that exit from
an IP address that is different from what's listed in the consensus:

193.171.202.146 -> 193.171.202.150 for 

104.223.123.99  -> 104.223.123.98 for 

87.118.83.3 -> 87.118.82.3 for 

89.31.57.58 -> 89.31.57.5 for 

37.187.105.104  -> 196.54.55.14 for 

77.247.181.164  -> 77.247.181.162 for 

198.211.103.26  -> 185.165.169.23 for 

52.15.62.13 -> 69.181.127.85 for 

138.197.4.77-> 163.172.45.46 for 

52.15.62.13 -> 104.132.0.104 for 

31.185.27.203   -> 31.185.27.201 for 

104.223.123.101 -> 104.223.123.98 for 

77.247.181.166  -> 77.247.181.162 for 

149.56.223.240  -> 149.56.223.241 for 

88.190.118.95   -> 94.23.201.80 for 

192.241.79.175  -> 192.241.79.178 for 

143.106.60.70   -> 193.15.16.4 for 


___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev