I'm on a forum that has banned IP Addresses (I assume) due to spamming. Maybe they are using a blacklist, I don't know. I use the site with Firefox and TorButton. About half the time I am able to access the site's pages, but about 50% of the time I get the error message: "Sorry. The Adminstrator has banned your IP Address...".

When I check my current IP Address, it seems to be the same 3 IP Addresses, over & over again. But when I check the graph of my Tor network, I see HUNDREDS of tor Users and I assume Tor could be using any or all of them, but for whatever reason it wants to use the same 3 banned IP Relays/Servers (whatever the correct term is) over & over again.

I thought the whole point was to randomize the IP Address in order to provide anonymity.

It ain't workin'.

Am I doing something wrong, is this thing broken, or what ?

I dunno, but it sounds like you are trying evading a ban and it is not really our purpose to help you with that. If you do feel you are wrongly banned, contact the administrator of that site, and also perhaps not use tor to get to that site.

No, he's trying to use Tor.

It may be that a lot of Tor users are disallowing exiting to that site. But even so...same IPs all the time, I'd call that suspicious. Tor is all very well and good, but I rather suspect it could be completely subverted by your ISP if they wished to.

Exactly.

I may have overstated it a bit. Tor does not default to the same 3 Servers each & every time, and it's not necessarily just the same 3 Servers, however it DOES seem to exit the same group of Servers more frequently than others.

Half the time it seems to exit the same group of banned servers, the other half it exits unbanned servers. The group of banned Servers is smaller (about 5 or so) than the unbanned Servers (I never seem to repeat these in any given session.

Tor seems to want to exit to the banned Servers more frequently when I have my Tor configured to allow others to use it. I have three options, and when I "Run as Client only", Tor seems to distribute which Server it exits more evenly, but if I am configured to "Help censored Users reach the Tor network", that is when it seems to repeat the same Servers over & over again most frequently.

I aplogise for my inadequate description of what is happening, but in my mind it's very clear.

I've learned a little bit since the first post. One thing I think I've figured out is that not all "participants" (what is the correct word for this) in the Tor network are Exit Servers. Originally I assumed that the messages came into randomly, got tossed around randomly and then exited randomly, but apparantly this is not the case. Everything exits via a "Exit Server", which is disappointing. I'd rather the message exit in an unpredictable manner from anywhere in the network, and wonder why Tor does not function like this.

Is this possible, and is a matter of time before it happens, or is there some reason why it can never work like this ?

Choice of the users. Some people are quite happy to relay Tor traffic, but don't want to act as exit nodes. Some jurisdictions may hold the person running an exit node responsible for the traffic it creates, and as you've seen, Tor exit nodes are commonly IP banned from certain websites due to people using Tor to cause trouble on said websites. Indeed, some sites, notably Wikipedia, have a policy of blocking all Tor exit nodes.

Thanks.

But what makes an "Exit Node" ? I can fire-up Vidalia and push one button and I'm a Relay Node? and push another button and I'm an "Exit Node".

How does Wikipedia et al ... know who is and who is not an "exit node" ? Is this information gathered by Tor and distributed ? Given how fast things change, this would have to be updated pretty frequently (once every minute ?)

And if I'm an Exit Node today and get banned from Wikipedia, and tomorrow it's just me and I'm not even running Tor, am I still banned ?

So I fired-up Vidalia to see if this was true. The first attempt at accessing the "Discussion" page of the wikipedia article: "Tor (anonymity network)" resulted in a blocked message (see attached).

Push Vidalia's "New Identity" button and with a new IP of "174.138.169.2xx" I could have vandalized to my heart's content. I was logged on under my account, so that may be why I was able to access wiki using a Tor Exit Node, but I doubt it. I don't think they can update fast enough to ban all Tor Nodes, nor do I think it's practical to set-up permanent bans, either.

I'm also still curious regarding the previous questions regarding Tor's future. P2P clients require Users to upload a certain amount of data in order to maintain their ability to download and it seems to me that Tor is going to have to evolve in this direction in order to maintain any kind of functionality.

Several times I have read that Tor Users can be tracked and possibly identified by being monitored where they enter Tor, and by where they exit. If the number of Exit Nodes is limited, that dramatically reduces the level of anonymity for everyone.

Attached Thumbnails

 

Does it (the issue regarding the three IPs being reused) happen only with that forum site or with all sites? If it only happens on that specific site, perhaps it's an exit policy issue? What I mean is that if the site is using ports which are by default filtered, I think Tor would need to stick to exit nodes with a liberal enough policy, limiting the available number of viable exit nodes.

A host which forwards traffic from within the Tor network to the final destination outside the Tor network. Practically speaking, it's the IP which a site sees your request as originating from.

I don't know. I only have this problem with one particular site. I'm willing to test it, but other than cruising forums looking for block messages I wouldn't know how to test for it.

It sounds like you are saying a forum (site) can refuse connection attempts on particular ports as well as IP address ? How then would an Exit Node (or any other computer) know which ports are open ? Do computers attempt to connect and run through multiple ports until they find one ? I don't know much about ports. I guess I figured everyone is on the same port ? How does that all work ? Link would be great, I'm self-motivated and like to read.

Yes, but people seem to talk about Exit Nodes as if they were static. These 3 "primary" exit nodes (more like 5) seem to carry a disproportionate amount of my traffic. I'm still not clear on how ports would figure into this.

If the issue is that or ports and not just of IP, would it be possible to control which ports my browser (Mozilla) is using ? (This is getting confusing, btw...)

My understanding is that Tor won't select an exit node if it knows that the node's exit policy will reject your request. For example, if you are attempting to connect to example.com:25, Tor would need to find an exit node which allows outbound connections to port 25. Since presumably most exit nodes don't allow outbound connections to port 25 (for obvious reasons), then the amount of exit nodes which can be used to fulfill your request will be limited. This is why I'd recommend testing to determine whether or not you experience the same issue when you browse other sites. You can use the same method you used to learn that you were being limited to three exit nodes.

If Tor Exit Nodes reject traffic based on ports, this implies that there are very few Tor Exit Nodes that are accepting traffic on the port(s) that are used for forums (like this one). Again, I don't know much about ports. I get the idea that certain things go on certain ports, but I don't think the port(s) used to web-browse a chat forum are going to be treated any differently than if you web-browsed to facebook or whatever. I would assume that browser traffic is all the same, and it would go on all the same port(s).

For me this thread is evolving in other directions. It occured to me that it might be possible to configure a client to not use certain Exit Nodes, to prefer others, etc...

Is it Vidalia that makes these decisions ? What is the difference in function between Tor, Vidalia and Privoxy ? I've never understood why it was necessary to have 3 separate softwares running, and why they all were not consolidated into a single and streamlined package ?

If one makes the decision to remain in the Tor network, are there other alternatives to Vidalia ?

The TOR network doesn't gain much new exit nodes so blocking it shouldn't be hard. Lots of blocklists around and the main TOR management nodes emit a list of all nodes or else just have TOR listening to get the current list... Anyway TOR is what builds the circuits to make your traffic travel to its destination. Privoxy (or Polipo) is "just" a proxy for, a conduit into, TOR and Vidalia is "just" a GUI for managing TOR configurations. So the minimal combo you need to access the TOR network is TOR plus a conduit. Unless you use network commands to manipulate tor directly all the decision making tor bases on what it reads from /etc/tor/torrc, and according to the documentation there's not much tweaking necessary. If you're interested in TOR beyond documentation and the OR website doesn't cut it for you then I suggest reading the mailing list (archives). It's active and it holds lots of interesting stuff.