Date: Sat Jun 3 22:59:46 2006
From: very at unprivate.com (php0t)
Subject: Tool Release - Tor Blocker

Would it be a big thing to ask that you try to get along?

Steven: hardcoding tor node IP's into a module, blocking tor as a means of security is weird I agree but cussing and flaming never helped anybody - I've read other replies in the thread that were a lot more useful than 'clueless fucking dork, learn to code', etc.

Jason: 'protecting' only apache, from only a certain list of 'proxies' will not leave your network more secure than it was when they rooted it. Shouldn't you be concerned about how they got in? Do you already know? If not, shouldn't you be looking for that? If you do know, was it something out-of-the-ordinary? Maybe if you posted THAT, it would have made more sense than trying to get people to install some 3rd party apache module to block a number of IP's that might not be on the net a week later. Or was it NOT something-out-of-the-ordinary? In that case, for example, some buggy PHP exploited, safe_mode being turned off, and whatnot - then you should be REALLY taking some basic security measures - otherwise, your tor blocking attempt is exactly what your signature says: 'security through obscurity'.

As a finish, let me quote from the tor FAQ

8.4. You should hide the list of Tor servers, so people can't block the exits.
[link <http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhyBlockable> ]

There are a few reasons we don't:

1. We can't help but make the information available, since Tor clients need to use it, so if the "blockers" want it, they can get it anyway.

2. If people want to block us, we believe that they should be allowed to do so. Obviously, we would prefer for everybody to allow Tor users to connect to them, but people have the right to decide who their services should allow connections from, and if they want to block anonymous users, they can.

3. Being blockable also has tactical advantages: it may be a persuasive response to website maintainers who feel threatened by Tor. Giving them the option may inspire them to stop and think about whether they really want to eliminate private access to their system, and if not, what other options they might have. The time they might otherwise have spent blocking Tor, they may instead spend rethinking their overall approach to privacy and anonymity.

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 11:28 PM
To: Steven Rakick
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Tool Release - Tor Blocker

Those acronyms prove that I know more than you apparently. Way to demonstrate your l33t hax0r skills.

Jason Areff
CISSP, A+, MCSE, Security+ == Better than Steven Rakick
----------
security through obscurity isnt security
----------

On 6/3/06, Steven Rakick <stevenrakick@...oo.com> wrote:

Here's an idea. Remove those lame ass fucking acronyms from your signature you clueless fucking dork.

Oh, and learn how to code before you start posting like you're all that.

From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 10:32 AM
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Tool Release - Tor Blocker

It is really unfortunate that most people that replied to this feel the need to be haughty in their responses. I was simply trying to create a tool to give back to the community. Our servers were compromised by a tor user and I saw the need to do my best to blacklist such users. If this is not your need, then please respond to me personally with any suggestions you may have, but do not start a public flame war like you are attempting.

Jason Areff
CISSP, A+, MCSE, Security+
----------
security through obscurity isnt security
----------

On 6/3/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:

On Fri, 02 Jun 2006 23:47:38 CDT, str0ke said:
> Umm what about the new ip addresses that are added to the tor network?
>
> http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1

Ahh.. there we go. Now a wget of that every once in a while, and a little bit of Perl kung-foo to build an 'addrs.h' file that gets #include'ed and then rebuild the module, and we're getting closer. ;)

(And don't forget to throw out any alleged exit addresses in your own address space, and any other addresses you really don't want to block. It's embarrassing when a clever hacker uses your own security routines to DoS you ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
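
The refresh step described in the quoted Valdis Kletnieks message (fetch the exit list, throw out your own address space and anything else you don't want blocked, then generate addrs.h), sketched as an added example that is not part of the original thread or of the module's code. The one-address-per-line input format, the 203.0.113.0/24 "own" network and the tor_exit_addrs array name are assumptions.

```python
import ipaddress

# Networks that must never end up in the blocklist (assumed values):
# our own address space plus loopback and RFC 1918 ranges.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",   # assumption: "your own address space"
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]

# Constructed sample of a downloaded exit list, one address per line.
SAMPLE_LIST = """\
192.0.2.10
198.51.100.7
203.0.113.5
127.0.0.1
192.0.2.10
0.0.0.0/0
not-an-ip
"""

def filter_exits(text, never_block=NEVER_BLOCK):
    """Return (kept, rejected): sorted unique IPv4 exits, and dropped lines."""
    kept, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.IPv4Address(line)   # single hosts only, no CIDR
        except ValueError:
            rejected.append((line, "malformed"))
            continue
        if any(addr in net for net in never_block):
            rejected.append((line, "protected range"))
            continue
        kept.add(addr)
    return sorted(kept), rejected

def render_header(addrs):
    """Emit addrs.h text; the array name is hypothetical."""
    rows = "".join(f'    "{a}",\n' for a in addrs)
    return ("/* generated file, do not edit */\n"
            "static const char *tor_exit_addrs[] = {\n"
            f"{rows}"
            "    0\n};\n")

if __name__ == "__main__":
    kept, rejected = filter_exits(SAMPLE_LIST)
    print(render_header(kept))
    for line, why in rejected:
        print(f"dropped {line!r}: {why}")
```

Logging the rejected lines on each refresh shows when the upstream list starts carrying entries aimed at your own ranges.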