| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90691a990606031631q370cf14fre6dad28fc4310d4e@mail.gmail.com> Date: Sun Jun 4 00:31:23 2006 From: markoer at markoer.org (Marco Ermini) Subject: Tool Release - Tor Blocker On 6/4/06, Bill Weiss <houdini+full-disclosure@...nspum.net> wrote: [...] > 1) Where did you get that list from? The Tor server I run (which has > been up continually for over a year) isn't in it. > > 2) Some of us use our Tor servers for "legitimate" traffic as well. > You'll block all of that traffic. Are you sure you don't want the > traffic of the 50+ people who use this server? That's the same for me... > 3) I think you've just suggested giving a webpage (one which may be > hostile towards your goals) control over who can and cannot access your > web server. What happens if one day that CGI hands you a list containing > every IP in your /24? I know that, if I ran said webpage, I would be > tempted to do so every once in a while. > > Even if you're looking for addresses in your own address space, what > about other useful pages? Business partners, customers, etc. > > 4) As others have pointed out, bad choice of a signature for the > beginning of this thread :) > > 5) Rebuilding (reinserting, etc) the module every time the nodes list > changed (> 1 / day) would suck. And these points are good, too. Cheers -- Marco Ermini Dubium sapientiae initium. (Descartes) root@...an # mount -t life -o ro /dev/dna /genetic/research http://www.markoer.org/ - https://www.linkedin.com/in/marcoermini
Powered by blists - more mailing lists