lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon Jun  5 17:47:14 2006
From: wcdixo at aurora.lib.il.us (Dixon, Wayne)
Subject: Tool Release - Tor Blocker

So why not have a file that it looks up instead of having to recompile
for every IP change, and look up the file on restart?

Wayne
 


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Bill
Weiss
Sent: Saturday, June 03, 2006 6:16 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Tool Release - Tor Blocker


Valdis.Kletnieks@...edu(Valdis.Kletnieks@...edu)@Sat, Jun 03, 2006 at
12:59:31AM -0400:
> On Fri, 02 Jun 2006 23:47:38 CDT, str0ke said:
> > Umm what about the new ip addresses that are added to the tor 
> > network?
> > 
> > http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&text
> > only=1
> 
> Ahh.. there we go.  Now a wget of that every once in a while, and a 
> little bit of Perl kung-foo to build an 'addrs.h' file that gets 
> #include'ed and then rebuild the module, and we're getting closer. ;)
> 
> (And don't forget to throw out any alleged exit addresses in your own 
> address space, and any other addresses you really don't want to block.

> It's embarassing when a clever hacker uses your own security routines 
> to DoS you ;)

Responding to Jason more than you, Valdis.  Excuse me.

Several remarks:

1) Where did you get that list from?  The Tor server I run (which has
been up continually for over a year) isn't in it.

2) Some of us use our Tor servers for "legitimate" traffic as well.
You'll block all of that traffic.  Are you sure you don't want the
traffic of the 50+ people who use this server?

3) I think you've just suggested giving a webpage (one which may be
hostile towards your goals) control over who can and cannot access your
web server.  What happens if one day that CGI hands you a list
containing every IP in your /24?  I know that, if I ran said webpage, I
would be tempted to do so every once in a while.

Even if you're looking for addresses in your own address space, what
about other useful pages?  Business partners, customers, etc.

4) As others have pointed out, bad choice of a signature for the
beginning of this thread :)

5) Rebuilding (reinserting, etc) the module every time the nodes list
changed (> 1 / day) would suck.

-- 
Bill Weiss
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists