lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Jun 3 20:56:39 2006 From: sargoniv at gmail.com (John Sprocket) Subject: Tool Release - Tor Blocker sure, there's a lot of legitimate tor users out there. but tor is a free community supported proxy chain. an attacker can use this great tool in their attacks in order to keep themselves hidden. a security minded administrator would probably not want a user to visit their site and remain hidden. why if i being interested in protecting my website would i want to allow a valid or invalid user to visit my website? do we want a proxy chain for an attacker even tho it has valid reasons for usage? there's probably a much better way to accomplish what jason areff is wanting to do. but this is a start. and i see where he's coming from. and sure, his code my suck...but hey. he's an administrator, not a coder. ;-) jason, rather than blacklisting like that, there might be a better way. you might have to look at how tor works though. Tonnerre Lombard <tonnerre.lombard@...roup.ch> wrote: > > Salut, > > On Sat, 2006-06-03 at 00:21 -0400, Jason Areff wrote: > > It has come to our attention that the majority of tor users are not > > actually from china but are rather malicious hackers that (ab)use it > > to keep their anonymity. > > At this point, I would like to ask you not to use this tool in the wild. > There is a whole lot of legitimate Tor users out there, and there are > enough reasons to use Tor for purposes other than splatting other > machines. For example (those applicable to me): > > * When I'm in the European Parliament, Tor is one of the only methods > other than a VPN on port 80 to actually get traffic in and out. This > again is helpful to have live communication of decisions/debates and > to interact in a sensible way. > * When I'm in the European Union, I don't want to be a suspected > terrorist because I talk to my friends in Pakistan, Israel, Brazil, > Honduras, Cuba etc. (about the latest NetBSD development etc. by the > way) > * Some of my security research usually gets me on the black lists of > some federal police blah etc. because they consider everyone > searching for that a terrorist. Yet I do it mostly to be up to date > on certain developments in terms of security. > > There are many more reasons which I also wrote a number of articles > about in various magazines and on various websites. There are a couple > of abusers of Tor, for sure. But by blocking them, you are also > preventing us from making legal use of this nice tool. And it really is > a nice tool. > > Another thing to consider is: > > Most of the attacks on your server are coming from the Internet, just > like a lot of SPAM, port scans, etc. There is little legitimate traffic, > as opposed to the local network where a lot of employees and backup > servers etc. are doing their work and nearly 80% of the traffic are > actually legitimate. Why not block the Internet then? Most of the time > you don't get the bastard spamass anyway. > > Tonnerre > -- > SyGroup GmbH > Tonnerre Lombard > > Loesungen mit System > Tel:+41 61 333 80 33 Roeschenzerstrasse 9 > Fax:+41 61 383 14 67 4153 Reinach > Web:www.sygroup.ch tonnerre.lombard@...roup.ch > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (NetBSD) > > iQIVAwUARIFw1+1mMGan/TnWAQKI7BAApf0KjQbKSxXgAtQPU2bYAKMMw++FdsHS > YYEXdhPEwEmCcaVoUTG/u0PPBMxM8QlKyN8d0yb9v9C/RCQWK+UwJqx817/60rPJ > QZE1I8wLRjCYnpTzvDd29KCSR810683qO1uPZiybjku353ipfrMjqFor3XrptV4b > ncgCM/6hdAs23TkDWxv+3fxhjYs0fPQG8ynxvlQ3TV0JvhrT8vQoFzsLZg8xqsJj > dEY4WyDYBQgKB05GuB4/gixT2uiqN0IvVp4L7hrcsOD1y8KCIdtfz+IE5T/qKmQZ > tYXbGoduVWh5RjUozaiwxhl6s1YXydwxJgcCSMojBac5yZY1eExIXmXsrknv0CN/ > PQ16iZuZZatDCTP5hCPJe9ezlUuoHqyHp7vzdWhW3vV/O/mzGN1rb0EJ7bpGneUV > CcrDFhsN5jvGVD8y8wGuXJM6tsCGfjUYdkOlXDVwLOiEk7bft+fD1n/H5lA/8B7v > OgnQvQ8s3T6wS1yzUiGkeOdklaBh+dJiwox6ru5ITx+b6ewMj683gv1rT1SKHoW1 > gkMSU2o6ujTTRvT4HOZP/nGpZ7aDmn9v3QGNmLmyEBBD8NqokujHJyn47EQeitBI > tg7rKVyEBpR0TP+0Ua9aS8fKSCYyb4O3SF8hFbQR9kyuIA3EV6vVIFkYJOlrUdsY > IWZ9AI3S4k0= > =fDmB > -----END PGP SIGNATURE----- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060603/5a5a93d0/attachment.html
Powered by blists - more mailing lists