Hi!
Maybe I am not such a big expert, but this is a good chance for me to expose my understanding so others can correct me if I am wrong.
On Sun, 2013-10-27 at 17:27 -0700, Nelson wrote:
> Again, I tested this and with PeerBlock I can actually block known IPs of the nodes you mention (not something Tor is intended for, or I want to do or need to do), and for all intents and purposes, if "my organization" had sufficient resources, knowing that we could actually create blocklists to prevent traffic coming to and from unwanted middle and exit nodes, then would we in effect be "shaping traffic flow"? Considering of course "we" had "several" relays ourselves?
I understood that you want to simply block other Tor servers so that only (or mostly) your own Tor servers will be allowed.
From my understanding, you cannot attack Tor that way:
a) You need to get client connections. But with such a configuration, other Tor servers cannot connect to you, and one part of the process is that other servers connect to your server to measure its speed.
b) A client tries to build a circuit. From my understanding, the client chooses the servers to use. So even if a client connects to your server, the creation of the circuit will fail and the client will build some other circuit instead.
But as I tried to say before: I am not an expert so far. It is just my understanding, which could be completely wrong.
With kind regards,
Konrad
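As an added illustration of point (b) above (example code written for this page, not code from Konrad, Nelson or the Tor project), here is a toy Python simulation in which the client picks the three-hop path and one organization's relays refuse to talk to any relay they do not own. It deliberately simplifies real Tor path selection: relays are chosen uniformly at random, with no guard pinning, no bandwidth weights and no family or subnet rules, so it ignores the measurement issue in point (a). The relay directory (`RELAYS`, names `honest0..7`, `org-a`, `org-b`) and the numbers of relays are constructed for the example.

```python
"""Toy simulation of the scenario discussed above: a client builds three-hop
Tor circuits, and one organization runs relays that blocklist every relay it
does not own.  Added example; not part of the mailing-list thread.

Assumptions (simplifications of real Tor path selection):
  * the client picks three distinct relays uniformly at random (no guard
    pinning, no bandwidth weighting, no family/subnet rules);
  * a circuit is extended hop by hop, so it fails as soon as two adjacent
    relays belong to different sides of the blocklist;
  * a failed circuit is simply retried with a fresh, independently chosen path.
"""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Relay:
    name: str
    blocking: bool   # True: run by the organization that blocklists outsiders


# Constructed directory: 8 ordinary relays plus 2 blocklisting relays.
RELAYS: List[Relay] = [Relay(f"honest{i}", False) for i in range(8)] + [
    Relay("org-a", True),
    Relay("org-b", True),
]


def circuit_succeeds(path: List[Relay]) -> bool:
    """The client extends guard -> middle -> exit.  A blocklisting relay refuses
    connections to and from relays it does not own, so any adjacent pair that
    straddles the blocklist breaks the extend and the whole circuit fails."""
    return all(a.blocking == b.blocking for a, b in zip(path, path[1:]))


def choose_path(relays: List[Relay], rng: random.Random) -> List[Relay]:
    """The client, not the relay, decides the path (uniform choice here)."""
    return rng.sample(relays, 3)


def build_circuit(relays: List[Relay], rng: random.Random,
                  max_attempts: int = 100) -> Tuple[Optional[List[Relay]], int]:
    """Retry with a fresh path until a circuit completes.
    Returns (path, attempts); path is None if max_attempts were exhausted."""
    for attempt in range(1, max_attempts + 1):
        path = choose_path(relays, rng)
        if circuit_succeeds(path):
            return path, attempt
    return None, max_attempts


def simulate(n_circuits: int, relays: List[Relay] = RELAYS, seed: int = 1) -> dict:
    """Build n_circuits circuits and count how often the client had to retry
    and how many finished circuits lie entirely inside the blocking organization."""
    rng = random.Random(seed)
    stats = {"built": 0, "failed_attempts": 0, "inside_org": 0}
    for _ in range(n_circuits):
        path, attempts = build_circuit(relays, rng)
        if path is None:
            continue
        stats["built"] += 1
        stats["failed_attempts"] += attempts - 1
        if all(r.blocking for r in path):
            stats["inside_org"] += 1
    return stats


if __name__ == "__main__":
    print(simulate(1000))
```

With only two blocklisting relays in the constructed directory, no three-hop circuit can stay inside the organization, so every path that touches `org-a` or `org-b` fails the extend and the client retries until it lands on ordinary relays; the organization's only effect in this model is the wasted attempts counted in `failed_attempts`. Changing `RELAYS` lets you see how the picture changes as the organization runs more relays, keeping in mind that the model leaves out the bandwidth-measurement problem from point (a).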