User talk:SQL/Unblocked TOR

From Wikipedia, the free encyclopedia

This page is no longer being actively maintained. The bot will still run, for as long as the crontab for it exists on the toolserver. Please use my e-mail if you need anything urgently. SQLQuery me! 06:00, 17 May 2008 (UTC)

We're getting very different results. My procedure is that I'm using exitlist to read my cached descriptors testing all of 203.212.189.253:80, 91.198.174.2:80, 66.230.200.100:80, 66.230.200.219:80, and 66.230.200.219:443. I find 2493 exits (I found 1803 using an older set of cached descriptors). I take all the IP blocks from the database, and limit it to ones that could be valid IPv4 prefixes, which gets me 43788 block prefixes. I find 298 blocked, 2195 not blocked.

I use an exceptionally simple script to test the tor exits against the blocks, it takes the list of exits on stdin.

#!/usr/bin/python
import sys,radix
rtree = radix.Radix()
for addr in [x[:-1] for x in open('ipblocks','r').readlines()]:
  a=addr.split('/',1)
  if len(a)==1:
    a.append('32')
  a[0]=a[0].split('.',4)
  if ((not (a[1].isdigit() and int(a[1])<=32 and len(a[0])==4)) or reduce(lambda x,y: x or y,[((not x.isdigit()) or int(x)>255) for x in a[0]],False)):
    print 'Bad blockip:',addr
  else:
    a[0]='.'.join([str(int(x)) for x in a[0]]); a='/'.join(a)
    rtree.add(a)
exits=0; blocked=0
for line in sys.stdin:
  exits+=1; result=rtree.search_best(line[:-1])
  if result:
    print "Exit %s blocked by %s"%(line[:-1],result.prefix); blocked+=1
print 'Blocked:',blocked,'Not blocked:',exits-blocked

I tried using your block checker, after it took about forever and a day to poll the website, it came back saying that all were blocked. Obviously something didn't work. --Gmaxwell (talk) 12:56, 16 January 2008 (UTC)

Obviously. Could be a number of things, from certain files not existing, to libcurl not being properly installed. Seems to work for me. Can you run your tool for us, and post the results somewhere? I'd like to see exactly how wrong I seem to have it. SQL^{Query me!} 22:59, 17 January 2008 (UTC)

Also, I'm not sure about your script (I don't speak py yet :( ), but, I only check for exit nodes. Back, when I checked for all nodes, I came up with roughly the numbers you did. Of course, I'd probably come up with more valid entry nodes, if I checked against all those IP's... I'll have to look at implementing that... SQL^{Query me!} 23:02, 17 January 2008 (UTC)

The whole purpose of the existlist script is to find only nodes that can reach a particular address. I wonder if your tor cached descriptors are corrupted or if you are using an old version of Tor. As of this moment my cached-descriptors has 15,974 nodes, 2,517 of which will exit for one of the Wikimedia web IPs.

It's quite possible that I've done something wrong, but I've hand validated a random selection of about 2% of my results and found no errors.

Entry nodes/middle nodes are not at all interesting to us.. we'd never want to block them, since tor users would never visibly connect to us via them. --Gmaxwell (talk) 07:21, 18 January 2008 (UTC)

There's an interesting point.... Let me look.

Jan 23 23:20:23.849 [notice] Tor v0.1.2.17. This is experimental software. Do not rely on it for strong anonymity.

There's my version... and...

taurus:/home/sql# wc -l /var/lib/tor/cached-routers*
  64307 /var/lib/tor/cached-routers
  25418 /var/lib/tor/cached-routers.new
  89725 total

There's how many cached routers I come up with... Does that match what you have (at least sorta -- Tor nodes come and go pretty quickly)? I've checked over mine, too, and, the (also probably 2%) ones that I've checked are 100% for sure TOR. I may have err'ed too far on the 'triple check I'm sure' end... I'd rather (for my purposes) not include a 'possible' TOR node, than include it, for instance. SQL^{Query me!} 04:24, 24 January 2008 (UTC)