| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1149333720.4990.8.camel@wssyg02.sygroup-int.ch> Date: Sat Jun 3 12:22:12 2006 From: tonnerre.lombard at sygroup.ch (Tonnerre Lombard) Subject: Tool Release - Tor Blocker Salut, On Sat, 2006-06-03 at 00:21 -0400, Jason Areff wrote: > It has come to our attention that the majority of tor users are not > actually from china but are rather malicious hackers that (ab)use it > to keep their anonymity. At this point, I would like to ask you not to use this tool in the wild. There is a whole lot of legitimate Tor users out there, and there are enough reasons to use Tor for purposes other than splatting other machines. For example (those applicable to me): * When I'm in the European Parliament, Tor is one of the only methods other than a VPN on port 80 to actually get traffic in and out. This again is helpful to have live communication of decisions/debates and to interact in a sensible way. * When I'm in the European Union, I don't want to be a suspected terrorist because I talk to my friends in Pakistan, Israel, Brazil, Honduras, Cuba etc. (about the latest NetBSD development etc. by the way) * Some of my security research usually gets me on the black lists of some federal police blah etc. because they consider everyone searching for that a terrorist. Yet I do it mostly to be up to date on certain developments in terms of security. There are many more reasons which I also wrote a number of articles about in various magazines and on various websites. There are a couple of abusers of Tor, for sure. But by blocking them, you are also preventing us from making legal use of this nice tool. And it really is a nice tool. Another thing to consider is: Most of the attacks on your server are coming from the Internet, just like a lot of SPAM, port scans, etc. There is little legitimate traffic, as opposed to the local network where a lot of employees and backup servers etc. are doing their work and nearly 80% of the traffic are actually legitimate. Why not block the Internet then? Most of the time you don't get the bastard spamass anyway. Tonnerre -- SyGroup GmbH Tonnerre Lombard Loesungen mit System Tel:+41 61 333 80 33 Roeschenzerstrasse 9 Fax:+41 61 383 14 67 4153 Reinach Web:www.sygroup.ch tonnerre.lombard@...roup.ch -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 824 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060603/f4b8d772/attachment.bin
Powered by blists - more mailing lists