Opened 9 years ago

Last modified 16 months ago

#3145 new enhancement

excludeexitnodes by ip misleading when exit relay uses outboundbindaddress

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: needs-design tor-client excludenodes tor-doc
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


In #3143 we have a user who tried to set ExcludeExitNodes with an IP address based on the address of his Tor traffic. It didn't work, because the exit relay in question exits from a different IP address than it advertises in its descriptor.

My first answer was "well, you should be excluding exit nodes by fingerprint". But that isn't a very satisfactory answer.

We could have the descriptors (and microdescriptors, ugh) or the consensus mention alternate IPs for this purpose.

It was easy for me to look up because moria1's cached-descriptor file says

@uploaded-at 2011-05-09 17:38:43
@source ""
router ecksnet 80 0 0

but that isn't going to be so easy for others.

There's also the tor bulk exit lists:
which have this clause for the relay in question:

ExitNode 07E9456ED300CABCE2549119FE5B3CC27DA55585
Published 2011-05-10 11:39:28
LastStatus 2011-05-11 06:04:20
ExitAddress 2011-05-10 12:33:34

but that's not exactly easier for users to know about or use either.

Child Tickets

Change History (7)

comment:1 Changed 9 years ago by nickm

Milestone: Tor: 0.2.3.x-final

A full solution will require some kind of proposal, I think. We could also:

  • Improve the documentation to remind people of this fact, and/or
  • Provide some way to learn (a notice? a controller interface?) which members of the {Exclude}*Nodes options are blocking no actual nodes.

Throwing this into 0.2.3 for now, since those are doable on a "small feature"/"bugfix" timeframe.

comment:2 Changed 9 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: unspecified
Type: defectenhancement

comment:3 Changed 8 years ago by nickm

Keywords: needs-proposal added

comment:4 Changed 8 years ago by nickm

Keywords: tor-client added

comment:5 Changed 8 years ago by nickm

Component: Tor ClientTor

comment:6 Changed 3 years ago by nickm

Keywords: needs-design excludenodes tor-doc added; needs-proposal removed
Severity: Normal

comment:7 Changed 16 months ago by cypherpunks

still worth doing., this also applies to exitnodes, that do reroute through other exitnode :( example:


Note: See TracTickets for help on using tickets.