Delivery-Date: Tue, 24 Jun 2014 09:57:01 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 55CD81E09FF
	for <archiver@seul.org>; Tue, 24 Jun 2014 09:56:59 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2DB092FE85;
	Tue, 24 Jun 2014 13:56:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9CA492FE79
 for <tor-talk@lists.torproject.org>; Tue, 24 Jun 2014 13:50:29 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0xSeoP_8rIsv for <tor-talk@lists.torproject.org>;
 Tue, 24 Jun 2014 13:50:29 +0000 (UTC)
X-Greylist: delayed 876 seconds by postgrey-1.34 at eugeni;
 Tue, 24 Jun 2014 13:50:28 UTC
Received: from na01-bn1-obe.outbound.protection.outlook.com
 (mail-bn1blp0189.outbound.protection.outlook.com [207.46.163.189])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "MSIT Machine Auth CA 2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id F325E2FE34
 for <tor-talk@lists.torproject.org>; Tue, 24 Jun 2014 13:50:28 +0000 (UTC)
Received: from BY2PR08MB175.namprd08.prod.outlook.com (10.242.39.15) by
 BY2PR08MB176.namprd08.prod.outlook.com (10.242.39.17) with Microsoft SMTP
 Server (TLS) id 15.0.959.24; Tue, 24 Jun 2014 13:35:46 +0000
Received: from BY2PR08MB175.namprd08.prod.outlook.com ([169.254.13.5]) by
 BY2PR08MB175.namprd08.prod.outlook.com ([169.254.13.20]) with mapi id
 15.00.0959.000; Tue, 24 Jun 2014 13:35:46 +0000
From: Michael O Holstein <michael.holstein@csuohio.edu>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Thread-Topic: [tor-talk] Running an exit node which exits on a different IP
 than	it listens to
Thread-Index: AQHPj61CMP2ZCT6kNkKfbgwfgDDGrZuAP/At
Date: Tue, 24 Jun 2014 13:35:45 +0000
Message-ID: <1403616944927.61911@csuohio.edu>
References: <CAKkunMZZ752LeEJDPcZHavtaOwMXHewJksTmKjLqoPC_8fdtaQ@mail.gmail.com>
In-Reply-To: <CAKkunMZZ752LeEJDPcZHavtaOwMXHewJksTmKjLqoPC_8fdtaQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [137.148.13.101]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:
x-forefront-prvs: 02524402D6
x-forefront-antispam-report: SFV:NSPM;
 SFS:(6009001)(377454003)(199002)(189002)(36756003)(4396001)(21056001)(2656002)(81342001)(92566001)(74662001)(50986999)(83072002)(101416001)(46102001)(74502001)(85852003)(81542001)(15975445006)(19580395003)(19580405001)(83322001)(86362001)(66066001)(20776003)(64706001)(80022001)(76176999)(54356999)(99396002)(87936001)(31966008)(77096002)(99286002)(95666004)(77982001)(106356001)(88552001)(76482001)(79102001)(75432001)(106116001)(92726001)(105586002)(85306003);
 DIR:OUT; SFP:; SCL:1; SRVR:BY2PR08MB176;
 H:BY2PR08MB175.namprd08.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords;
 A:1; MX:1; LANG:en; 
MIME-Version: 1.0
X-OriginatorOrg: csuohio.edu
Subject: Re: [tor-talk] Running an exit node which exits on a different IP
 than	it listens to
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Is the collateral damage from trying to play hide-and-seek from RBL services really worth it? .. the "overzealoous" RBL operators just want to catalog proxy servers so website ops can decide if they want the headache or not -- which is a perfectly valid concern.

Overzealous is what happens when you try and play games and RBLs start getting less specific than a /32. 

I've been on both sides of this one, and were I to fire up an exit again I'd want to run it at zero bandwidth for a month or so just so all the RBL ops ensure it's listed .. people rush to abuse the new ones, and not for utopian visions of a free Internet either.

Michael Holstein
Cleveland State University


________________________________________
From: tor-talk <tor-talk-bounces@lists.torproject.org> on behalf of Anders Andersson <pipatron@gmail.com>
Sent: Tuesday, June 24, 2014 9:07 AM
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Running an exit node which exits on a different IP than     it listens to

I have been sorting through my mailbox the last few days and stumbled
upon an email from 2012, from this mailing list. A worried user got a
false negative from check.torproject.org because an exit relay sent
exit traffic out on an IP that's different from what was advertised.

However, this made me think that it is perhaps not such a bad idea if
more exit relays did that, even slower ones. I have access to a couple
of IP numbers that I could easily configure in this way.

Basically: Use one IP for Tor traffic, and one IP for exit traffic.
The Tor traffic IP:Port is what would be advertised to the Tor
network, and only that.

The reason would be to minimize the chances of the exit IP ending up
in some overzealous blacklist. I'm pretty sure that a lot of the
blacklist operators just scrape the public list of relays and then
they end up in a lot of places where the customer is not even aware
what is being blocked. This is painfully obvious to people running a
non-exit relay from home, when trying to use IRC or other services.

Is this a good idea to do if you have the resources? Will it cause any
non-obvious problems? I guess one problem is that check.torproject.org
will show that you're not using Tor, unless it's been modified since
2012 to check this in another way.

I'm not sure if I'm making myself clear here, please ask me to clarify
if this is the case.

// Anders
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

