9

I am new to Tor and currently trying to understand the architecture of onion routing. However, I came across TorDNSEL, which makes it possible (for a tool using TorDNSEL) to detect whether traffic is coming from a Tor exit node or not. This way websites can check the source IP against a list of IPs of exit nodes and block the traffic accordingly. I am not entirely sure why Tor publishes the exit node IP addresses publicly. Is it how Tor is designed or is it more of a "courtesy" to the websites/organizations who want to block Tor traffic?

Any response would be much appreciated.

Jens Kubieziel
S. Holmes

2 Answers

5

The list of all Tor relays and whether they are exits needs to be public, because Tor clients use this information to build circuits.

There is no point in trying to keep this information 'secret' because anyone could obtain the list by running a client and then publish it.

For operators of exit relays, the fact that they are publicly advertised as such may help them deal with abuse reports and DMCA notices and the like.

See this related question.

Jobiwan
0

The workaround to this is to deploy and use a private Tor network. Anyone can run their own directory authorities that aren't part of the public network as their own independent Tor network. Therefore, the mere fact that a machine isn't part of the public Tor network doesn't mean it's not a Tor node, strictly speaking.

Tor publishes TorDNSEL as a convenience to prevent the alternative: the need to probe every IP for "signs" of being an exit node (notably, port-scanning, etc. is illegal in certain countries like the United States because collection of such information can be considered conspiracy to commit unauthorized access to a computer) and thus potentially blocking either large ranges of IPs while still being somewhat ineffective, or else only being able to block a small percentage of exit nodes given the vast surface area of the entire public Tor network.

The problem here is that we don't know how many non-public Tor networks there really are out there deployed on the scale of a large intranet. Should these networks at any time decide to disclose their existence to the public, it will have the effect of turning large segments of the internet into de facto Tor nodes, though not necessarily all Public nodes. This in turn would do away with the common misconceived idea that an IP address can be used to identify a person to any degree, as it will become impossible to determine conclusively whether an IP is a Tor node within a private network.
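
The check the question describes (is a source IP a published Tor exit?), sketched as an added example that is not part of the original posts or of Tor's own code. The zone name `dnsel.torproject.org`, the `127.0.0.2` "listed" answer, and the stub resolver are assumptions not stated on this page; the sample IPs are constructed documentation addresses.

```python
import ipaddress
import socket

# Assumptions (not from this page): the public DNSEL zone and its "listed"
# answer. Confirm both against current Tor Project documentation before use.
DNSEL_ZONE = "dnsel.torproject.org"
LISTED_ANSWER = "127.0.0.2"


def dnsel_query_name(client_ip, zone=DNSEL_ZONE):
    """Build the DNSBL-style name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(client_ip)  # raises ValueError on junk input
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_tor_exit(client_ip, resolve=socket.gethostbyname):
    """Return True (listed), False (not listed) or None (lookup failed).

    Only NXDOMAIN counts as "not listed". Any other resolver error is
    reported as unknown, so the caller decides to fail open or closed.
    """
    try:
        return resolve(dnsel_query_name(client_ip)) == LISTED_ANSWER
    except socket.gaierror as exc:
        return False if exc.errno == socket.EAI_NONAME else None


def make_stub_resolver(listed_names):
    """Hypothetical offline resolver standing in for real DNS."""
    def resolve(name):
        if name in listed_names:
            return LISTED_ANSWER
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return resolve


def broken_resolver(name):
    """Hypothetical resolver that simulates a temporary DNS failure."""
    raise socket.gaierror(socket.EAI_AGAIN, "constructed temporary failure")


if __name__ == "__main__":
    # Constructed data: 192.0.2.10 plays the role of a listed exit.
    stub = make_stub_resolver({"10.2.0.192." + DNSEL_ZONE})
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, dnsel_query_name(ip), is_tor_exit(ip, resolve=stub))
    print("resolver down:", is_tor_exit("192.0.2.10", resolve=broken_resolver))
```

As the second answer points out, a "not listed" result only means the address is not a published exit of the public network.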