freakofnurture wrote:
----
On 3/22/06, Wwwwolf wrote:
All right, so my guess is there's some Bloody Idiot in the neighborhood who
runs a Tor node, 80/tcp traffic comes out of that host and gets intercepted
and forwarded by the ISP's proxy (that *every* customer is forced to use, I
remind you again).
In other words, the blocked IP is, in my educated guess, *not* the Tor node.
It just unwittingly hides a Tor node behind it.
This sounds quite plausible. I've encountered a similar situation with
213.42.2.11 and 213.42.2.21, which are proxies used by a large ISP in
the United Arab Emirates. Some customer of that ISP apparently has a
proxy trojan on their computer, and so we keep getting open proxy
vandalism from those IPs, which can't be blocked without major
collateral damage.
I believe MediaWiki does have a list of "known" proxies that can be
trusted to supply a valid X-Forwarded-For header. As the whois records
for 213.216.199.14 seem legit, and the proxy appears to provide the
necessary headers, I personally see no reason not to add it to the list.
--
Ilmari Karonen