lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat Jun  3 20:56:39 2006
From: sargoniv at gmail.com (John Sprocket)
Subject: Tool Release - Tor Blocker

sure, there's a lot of legitimate tor users out there. but tor is a free
community supported proxy chain. an attacker can use this great tool
in their attacks in order to keep themselves hidden. a security
minded administrator would probably not want a user to visit their site
and remain hidden. why if i being interested in protecting my website
would i want to allow a valid or invalid user to visit my website?
do we want a proxy chain for an attacker even tho it has valid reasons
for usage?

there's probably a much better way to accomplish what jason areff
is wanting to do. but this is a start. and i see where he's coming from.
and sure, his code my suck...but hey. he's an administrator, not a coder.
;-)

jason, rather than blacklisting like that, there might be a better way. you
might have to look at how tor works though.

Tonnerre Lombard <tonnerre.lombard@...roup.ch> wrote:
>
> Salut,
>
> On Sat, 2006-06-03 at 00:21 -0400, Jason Areff wrote:
> > It has come to our attention that the majority of tor users are not
> > actually from china but are rather malicious hackers that (ab)use it
> > to keep their anonymity.
>
> At this point, I would like to ask you not to use this tool in the wild.
> There is a whole lot of legitimate Tor users out there, and there are
> enough reasons to use Tor for purposes other than splatting other
> machines. For example (those applicable to me):
>
> * When I'm in the European Parliament, Tor is one of the only methods
>    other than a VPN on port 80 to actually get traffic in and out. This
>    again is helpful to have live communication of decisions/debates and
>    to interact in a sensible way.
> * When I'm in the European Union, I don't want to be a suspected
>    terrorist because I talk to my friends in Pakistan, Israel, Brazil,
>    Honduras, Cuba etc. (about the latest NetBSD development etc. by the
>    way)
> * Some of my security research usually gets me on the black lists of
>    some federal police blah etc. because they consider everyone
>    searching for that a terrorist. Yet I do it mostly to be up to date
>    on certain developments in terms of security.
>
> There are many more reasons which I also wrote a number of articles
> about in various magazines and on various websites. There are a couple
> of abusers of Tor, for sure. But by blocking them, you are also
> preventing us from making legal use of this nice tool. And it really is
> a nice tool.
>
> Another thing to consider is:
>
> Most of the attacks on your server are coming from the Internet, just
> like a lot of SPAM, port scans, etc. There is little legitimate traffic,
> as opposed to the local network where a lot of employees and backup
> servers etc. are doing their work and nearly 80% of the traffic are
> actually legitimate. Why not block the Internet then? Most of the time
> you don't get the bastard spamass anyway.
>
>                                 Tonnerre
> --
> SyGroup GmbH
> Tonnerre Lombard
>
> Loesungen mit System
> Tel:+41 61 333 80 33    Roeschenzerstrasse 9
> Fax:+41 61 383 14 67    4153 Reinach
> Web:www.sygroup.ch      tonnerre.lombard@...roup.ch
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (NetBSD)
>
> iQIVAwUARIFw1+1mMGan/TnWAQKI7BAApf0KjQbKSxXgAtQPU2bYAKMMw++FdsHS
> YYEXdhPEwEmCcaVoUTG/u0PPBMxM8QlKyN8d0yb9v9C/RCQWK+UwJqx817/60rPJ
> QZE1I8wLRjCYnpTzvDd29KCSR810683qO1uPZiybjku353ipfrMjqFor3XrptV4b
> ncgCM/6hdAs23TkDWxv+3fxhjYs0fPQG8ynxvlQ3TV0JvhrT8vQoFzsLZg8xqsJj
> dEY4WyDYBQgKB05GuB4/gixT2uiqN0IvVp4L7hrcsOD1y8KCIdtfz+IE5T/qKmQZ
> tYXbGoduVWh5RjUozaiwxhl6s1YXydwxJgcCSMojBac5yZY1eExIXmXsrknv0CN/
> PQ16iZuZZatDCTP5hCPJe9ezlUuoHqyHp7vzdWhW3vV/O/mzGN1rb0EJ7bpGneUV
> CcrDFhsN5jvGVD8y8wGuXJM6tsCGfjUYdkOlXDVwLOiEk7bft+fD1n/H5lA/8B7v
> OgnQvQ8s3T6wS1yzUiGkeOdklaBh+dJiwox6ru5ITx+b6ewMj683gv1rT1SKHoW1
> gkMSU2o6ujTTRvT4HOZP/nGpZ7aDmn9v3QGNmLmyEBBD8NqokujHJyn47EQeitBI
> tg7rKVyEBpR0TP+0Ua9aS8fKSCYyb4O3SF8hFbQR9kyuIA3EV6vVIFkYJOlrUdsY
> IWZ9AI3S4k0=
> =fDmB
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060603/5a5a93d0/attachment.html

Powered by blists - more mailing lists