On Thu, Jul 02, 2020 at 10:12:19AM -0000, sean_sulli...@danwin1210.me wrote:
> The only reason I'm interested in "freja" is because I saw its IP was the
> last login to one of my accounts. I checked the IP with WHOIS and got
> concerned. Then I checked "torstatus" and was relieved that it was a Tor
> node. Then I got confused because it wasn't an exit node.

Actually, its exit policy does allow some outgoing ports:
https://metrics.torproject.org/rs.html#details/2096BCFEBB95A1134F39FCF8CEB076FF41A2B48B

So, it is missing the Exit flag, because its exit policy doesn't include
both ports 80 and 443.

I guess the follow-up question would be: when you say "one of my
accounts", perhaps this is an account that is reachable on a port other
than 80 and 443? For example, an irc account?

(When a relay is missing the Exit flag, Tor clients (a) won't use it
when preemptively making circuits, before new connections come in,
because it's too likely that the new connection will be for a destination
that the relay can't handle, and (b) won't apply the load balancing
weights that make them avoid using exit relays in non-exit positions in
the circuit. But if a connection request comes in when there aren't any
preemptive circuits already built, then the client will pick among any
relays whose exit policies allow that destination. So yes, it is possible
to use relays for exiting even when they don't have the Exit flag, but
they will get used less often.)

> My point is that the IP of "freja" was the last login. So, unless there's
> a scenario I haven't thought of, surely it must at some point on Tuesday
> have been an exit node? Is there a way to check this?

Exonerator is the right tool for asking historical questions like this:
https://metrics.torproject.org/exonerator.html?ip=194.88.143.66&timestamp=2020-06-30&lang=en
and it looks like the Exonerator folks have opted to say "yes" on whether
it counted as an exit relay, probably because its exit policy allowed some
connections, even if it didn't allow enough that it qualified for the
Exit flag.

All of this said, there is another possible explanation for your scenario,
though I don't think it happened here: sometimes relays exit from a
different IP address than they advertise in their descriptor. And sometimes
if there are several relays run by one person or organization, one of the
exit addresses overlaps with another relay. So it is possible to receive
a connection from the Tor side from an address that is a non-exit relay,
if there is an exit relay running nearby to it. But I don't think that
happened here.

Hope this helps,
--Roger

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
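
The distinction discussed in the message above, between a relay whose policy lets it exit to some port and a relay that qualifies for the Exit flag, can be checked mechanically. This is an added example, not part of the original message and not Tor's own code. It assumes the policy is available in the port-only "accept <ports>" / "reject <ports>" summary form, applies the 80-and-443 rule as stated in the message, and uses constructed sample policies and hypothetical function names.

```python
# Added example: port-only view of a relay's exit policy summary.
# Assumption: input is the "accept <ports>" / "reject <ports>" summary
# form; address-specific policy rules are ignored.

def parse_summary(summary):
    """Return (is_accept, [(lo, hi), ...]) for e.g. 'accept 22,6660-6667'."""
    action, _, ports = summary.strip().partition(" ")
    if action not in ("accept", "reject") or not ports:
        raise ValueError(f"malformed policy summary: {summary!r}")
    ranges = []
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)  # single port: lo == hi
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((lo, hi))
    return action == "accept", ranges

def allows_port(summary, port):
    """True if the summarized policy permits exiting to this port."""
    is_accept, ranges = parse_summary(summary)
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if is_accept else not listed

def qualifies_for_exit_flag(summary):
    # Rule as stated in the message: both 80 and 443 must be allowed.
    return allows_port(summary, 80) and allows_port(summary, 443)

def classify(summary, dest_port):
    """How a connection seen from this relay's IP on dest_port reads."""
    if not allows_port(summary, dest_port):
        return "policy does not allow this port"
    if qualifies_for_exit_flag(summary):
        return "exit relay (has Exit flag)"
    return "can exit to this port, but no Exit flag"

# Constructed sample policies, not taken from any real relay.
IRC_ONLY = "accept 6660-6667,6697"
WEB_EXIT = "reject 25,119,135-139,445"
NO_EXIT = "reject 1-65535"
```

For a service log entry, `classify(policy, port)` with the port the account was reached on tells you whether a login from a relay lacking the Exit flag is consistent with that relay's policy.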