stamparm/maltrail

[Feature Request] All nodes for Tor feed, not only exit nodes

clanto007 opened this issue · 5 comments

clanto007 commented

With the current list of nodes Tor traffic is never recognized.
I propose to change the list and use the pfblockerng list to find all IPs of all nodes in the Tor network and make the recognition more accurate.

These are the lists updated daily:
https://unlockforus.com/pfblockerng/tor_nodes_ipv4.txt
https://unlockforus.com/pfblockerng/tor_nodes_ipv6.txt

stamparm commented

With the current list of nodes Tor traffic is never recognized. <- with tor exit nodes Tor traffic is never recognized??? aren't tor exit nodes used for accessing sites (e.g. having Maltrail in front)?

clanto007 commented
stamparm commented

you said With the current list of nodes Tor traffic is never recognized.. right? generally speaking, that means both inbound and outbound

scriptzteam commented

You could also probably use those lists maybe?

https://tor-relays.0xc0d3.xyz/

exits.txt: Exit relays only, IPv4 and IPv6. Use this list to block traffic to your site from the Tor Network.
exits-ipv4.txt: Exit relays only, IPv4 only.
exits-ipv6.txt: Exit relays only, IPv6 only.
relays.txt: All relays within the Tor Network, exit and non-exit, IPv4 and IPv6.
relays-ipv4.txt: All relays, IPv4 only.
relays-ipv6.txt: All relays, IPv6 only.
updated.txt: The time in UTC when the list was last updated.

stamparm commented

https://tor-relays.0xc0d3.xyz/ is behind the CloudFlare, so I can smell a problem