lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Jun 3 23:19:24 2006 From: jaweeks at gmail.com (Jacob Weeks) Subject: Tool Release - Tor Blocker isn't there also a financial requirment before anyone (police, fbi, ... ) would actually investigate the incident? see the ?, it's a question, not a statement. On 6/3/06, Alexander Sotirov <asotirov@...ermina.com> wrote: > The purpose of this module is not to increase the security of your server, but > to allow you to prosecute hackers after the fact. If your server has a remotely > exploitable vulnerability and you block Tor nodes, you can still be hacked from > any other IP address on the Internet. > > The only difference is that blocking Tor force the attackers to use a > non-anonymized IP address, which can (at least theoretically) be traced back to > them. I have doubts that this really makes a difference in practice. > > Blacklisting IP addresses is no substitute for actually fixing the > vulnerabilities on your servers. > > Alex > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- -- Never do today, what you can blame someone else for not doing tomorrow.
Powered by blists - more mailing lists