lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001d01c68759$01ebaf60$650ba8c0@DORKA>
Date: Sat Jun  3 22:59:46 2006
From: very at unprivate.com (php0t)
Subject: Tool Release - Tor Blocker

 
Would it be a big think to ask that you try to get along?
 
Steven: hardcoding tor node IP's into a module, blocking tor as a means
of security is weird I agree but cussing and flaming never helped
anybody - I've read other replies in the thread that were a lot more
useful than 'clueless fucking dork, learn to code', etc.
 
Jason: 'protecting' only apache, from only a certain list of 'proxies'
will not leave your network more secure than it was when they rooted it.
Shouldn't you be concerned about how they got in? Do you already know ?
If not, shouldn't you be looking for that? If you do know, was it
something out-of-the-ordinary? Maybe if you posted THAT, it would have
made more sense than trying to get people to install some 3rd party
apache module to block a number of IP's that might not be on the net a
week later. Or was it NOT something-out-of-the-ordinary? In that case,
for example, some buggy PHP exploited, safe_mode being turned off, and
whatnot - then you should be REALLY taking some basic security measures
- otherwise, your tor blocking attempt is exactly what your signature
says: 'security through obscurity'.
 
As a finish, let me quote from the tor FAQ
 

8.4. You should hide the list of Tor servers, so people can't block the
exits.


[link
<http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhyBlockable> ] 

There are a few reasons we don't: 

1.	
We can't help but make the information available, since Tor clients need
to use it, so if the "blockers" want it, they can get it anyway. 

2.	
If people want to block us, we believe that they should be allowed to do
so. Obviously, we would prefer for everybody to allow Tor users to
connect to them, but people have the right to decide who their services
should allow connections from, and if they want to block anonymous
users, they can. 

3.	
Being blockable also has tactical advantages: it may be a persuasive
response to website maintainers who feel threatened by Tor. Giving them
the option may inspire them to stop and think about whether they really
want to eliminate private access to their system, and if not, what other
options they might have. The time they might otherwise have spent
blocking Tor, they may instead spend rethinking their overall approach
to privacy and anonymity. 

 
 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason
Areff
Sent: Saturday, June 03, 2006 11:28 PM
To: Steven Rakick
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Tool Release - Tor Blocker


Those acronoyms prove that I know more than you apparently. Way to
demonstrate your l33t hax0r skills.

Jason Areff
CISSP, A+, MCSE, Security+ == Better than Steven Rakick


----------
security through obscurity isnt security
----------



On 6/3/06, Steven Rakick <stevenrakick@...oo.com> wrote: 

Here's an idea. Remove those lame ass fucking acronyms
from your signature you clueless fucking dork.

Oh, and learn how to code you before you start posting
like you're all that.



From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On
Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 10:32 AM 
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Tool Release - Tor 
Blocker

It is really unfortunate that most people that replied
to this feel the need to be haughty in their
responses. I was simply trying to create a tool to
give back to the community. Our servers were 
comprimised by a tor user and I saw the need to do my
best to blacklist such users. If this is not your
need, then please respond to me personally with any
suggestions you may have, but do not start a public
flame war like you are attempting.


Jason Areff
CISSP, A+, MCSE, Security+


----------
security through obscurity isnt security
----------


On 6/3/06, Valdis.Kletnieks@...edu
<Valdis.Kletnieks@...edu > wrote:
On Fri, 02 Jun 2006 23:47:38 CDT, str0ke said:
> Umm what about the new ip addresses that are added 
to the tor network?
>
>
http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1
<http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonl
y=1> &addr=1&textonly=1 

Ahh.. there we go.  Now a wget of that every once in a
while, and a little
bit of Perl kung-foo to build an 'addrs.h' file that
gets #include'ed and
then rebuild the module, and we're getting closer. ;) 

(And don't forget to throw out any alleged exit
addresses in your own
address space, and any other addresses you really
don't want to block.
It's embarassing when a clever hacker uses your own
security routines to 
DoS you ;)




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com  <http://mail.yahoo.com> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
<http://lists.grok.org.uk/full-disclosure-charter.html> 
Hosted and sponsored by Secunia - http://secunia.com/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060603/2405bf12/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ