lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Jun 3 21:16:09 2006 From: sargoniv at gmail.com (John Sprocket) Subject: blocking tor is not the right way forward. It may just be the right way backward. so you're saying sacrifice the ability for a identifying legit attacker for the sake of allowing privacy for the masses? okay, sure. i never really cared about my data in the first place. ;-) attackers have other ways, most definitely. but why use one of those other methods (proxying through a botnet) when you have tor already available to you? don't get me wrong by the way. i use tor all the time. and i'm a pretty legit tor user if i say so myself :), but i can understand why someone would want to block it. i imagine a forensics person looks and sees a tor ip and thinks "okay. i just deadended. there's nothing i can do because this is a tor exit node." with a botnet, most bots can be traced back to their meeting point which is a little bit more useful. is there an easier way for denying tor? or instead of denying, how about identifying a user as being tor and then redirecting them to a page that explains why a tor user isn't allowed to visit a specific website. if there's a better way to identify a tor user (malicious or not), perhaps the list will benefit from it and come up with a better solution. On 6/3/06, Joel Jose <joeljose420@...il.com> wrote: > > its not just fair game. we had discussed it in tor irc chan. ok so you > just made a apache mod for the black list. tor always did and always do > allow anyone to block tor users if they please. but the easiness which tor > gives for the blocking must not be overused to deny tor communications even > for legitimate purposes(definition vague). > > hopefully the blacklists, apache mods.. and other methods of blocking tor > are not "default" enabled. And hopefully the security cookbooks and other > HOWTO's dont come with a default recommendation to enable these tor blocking > modules. > > The admin needs to be educated about tor. Ideally he must be able to > decide for himself the balance betrween anonimity and performance. He should > be empowered to take his own decision. An educated and well informed > decision. Remember " if privacy is outlawed, only outlaws will have > privacy".. and hackers have better ways to protect their privacy.. but as of > today.. legitimate users dont have that luxury.. tor is thier most practical > hope. > > joel. > > -- > As soon as men decide that all means are permitted to fight an > evil, then their good becomes indistinguishable from the evil > that they set out to destroy. > - Christopher Dawson, The Judgment of Nations > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060603/ca4d1b97/attachment-0001.html
Powered by blists - more mailing lists