On Wed, Aug 7, 2013 at 9:09 PM, LEE <[email protected]> wrote:
> I found that there is a blacklist in Tor system
>
> I guess blacklist is like prison of onion routers. In other words, if
> Tor system detects some onion router runs
> abnormally, Tor system put that router in blacklist and never use again.
>
> Is this true?
>
> who manages the blacklist?
>
> Once some onion routers are included into blacklist, Are they not able
> to get out of blacklist??

Huh? Are you talking about the BadExit flag? Or the ability that authorities have to stop voting for particular nodes? Something else?

I'm going to guess that you're talking about one of those features.

The way that the directory system works is, nodes publish information about themselves to all the directory authorities. A node is listed in the consensus document if a majority of the voting authorities vote for it (more or less, it's complicated, see dir-spec.txt for full details).

Additionally, there are some flags that affect how nodes are used (like Running and Valid and BadExit). A node gets a flag in the consensus if the majority of the authorities who vote about that flag vote for it (again, see dir-spec.txt for the full details).

An authority operator can configure their directory authority to vote for a node as BadExit, never vote for a node as Valid, or never vote for it at all. (The code for this is in src/or/dirserv.c). The directory authorities and the authority operators are listed in every directory consensus document.

Generally, the likeliest way for a node to get the BadExit flag would be to get caught altering traffic. (Mostly, this isn't done intentionally: The majority of nodes with the BadExit flag are ones that have upstream ISPs that alter traffic somehow.)

The best way to get authorities to manually stop listing a node entirely would be to fire up a whole bunch of nodes in an obvious Sybil attack. (Frequently, this isn't done intentionally: in at least one case, IIRC, it was a sysadmin who got a "brilliant idea" to run Tor on every system he had access to.)

Either of these statuses will last till enough authority operators stop voting against those nodes. If somebody thinks that the votes have been made in error, they should contact the authority operators, or the tor-assistants mailing list, or post here, or something. (I'm not an authority operator myself; somebody who is can post here to say more about how they make choices.)

There's some other stuff that will make authorities *automatically* not vote for a node -- like if it isn't running when they try to contact it, or if it can't build circuits when the authority tries it, or if its bandwidth is way too low to be useful for the network, or if it's running a way-too-old version of Tor.

I hope this answers your question!

best wishes,
--
Nick
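
The majority rules described in the reply above, as an added example that is not part of the original post and is not Tor's code: a simplified Python model of listing and flag votes, not the full dir-spec.txt algorithm. The authority names, relay names and votes are constructed, and treating a tie as "flag off" is an assumption of this sketch.

```python
from collections import Counter

# Constructed votes: authority -> (flags it votes about, {relay: flags it assigns}).
# All authority and relay names are invented for this example.
def sample_votes():
    every = {"Running", "Valid", "BadExit"}
    return {
        "auth1": (every, {"relayA": {"Running", "Valid"},
                          "relayB": {"Running", "Valid", "BadExit"},
                          "relayC": {"Running", "Valid"}}),
        "auth2": (every, {"relayA": {"Running", "Valid"},
                          "relayB": {"Running", "Valid", "BadExit"},
                          "relayC": {"Running", "Valid"}}),
        # auth3 and auth4 have stopped voting for relayC entirely.
        "auth3": (every, {"relayA": {"Running", "Valid"},
                          "relayB": {"Running", "Valid"}}),
        "auth4": (every, {"relayA": {"Running", "Valid"},
                          "relayB": {"Running", "Valid"}}),
        # auth5 does not vote about BadExit at all.
        "auth5": ({"Running", "Valid"}, {"relayA": {"Running", "Valid"},
                                         "relayB": {"Running", "Valid"}}),
    }

def consensus(votes):
    """Return {relay: flags} for relays listed by a strict majority of votes."""
    listed = Counter(r for _, relays in votes.values() for r in relays)
    known = set().union(*(about for about, _ in votes.values()))
    result = {}
    for relay, count in listed.items():
        if 2 * count <= len(votes):      # no majority: relay is left out
            continue
        flags = set()
        for flag in known:
            # Only authorities that vote about this flag are counted.
            voters = [relays for about, relays in votes.values() if flag in about]
            yes = sum(flag in relays.get(relay, ()) for relays in voters)
            if 2 * yes > len(voters):    # a tie leaves the flag off (assumption)
                flags.add(flag)
        result[relay] = flags
    return result

if __name__ == "__main__":
    votes = sample_votes()
    print(consensus(votes))              # relayC dropped, relayB without BadExit
    votes["auth3"][1]["relayB"].add("BadExit")
    print(consensus(votes))              # third BadExit vote: flag is set
```

In the sample, two of the four authorities that vote about BadExit are not enough to flag relayB, and relayC drops out of the result because only two of five authorities still list it.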
