Full Disclosure mailing list archives

Re: Tool Release - Tor Blocker


From: "Aaron Turner" <synfinatic () gmail com>
Date: Mon, 5 Jun 2006 10:38:26 -0700

Inline...

On 6/2/06, Jason Areff <hailtheczar () gmail com> wrote:
> It has come to our attention that the majority of tor users are not actually
> from china but are rather malicious hackers that (ab)use it to keep their
> anonymity.

Really?  I'm curious where you got those statistics.  Are you saying
that you broke the anonymity of tor and were able to track down users
to their actual location?  Or are you just making assumptions based on
your limited experience and a few unverified emails?

[snip]

> Otherwise this puts the administrator in responsibility for
> any malicious actions caused by said user. Forensics is left with a tor exit
> node.

As others have mentioned, wouldn't it just be a lot easier to secure
your server in the first place rather than worrying about who to
prosecute after the fact?  What are you going to do when you figure
out the guy who hacked your box is a 13 yr old kid in Russia or China?
In my experience, you're really missing the boat when it comes to
securing your systems.

[snip]

> To mitigate most tor attackers we've written an apache module designed to
> give tor users a 403 error when visiting a specific website.  We suggest all
> administrators who do not wish a malicious tor user to visit and possibly
> deface their website to enable the usage of this module.

Your module doesn't actually make a determination between "malicious"
and "legitimate" users of tor.  Where I come from, we call this
"throwing the baby out with the bath water".

> This may not get
> all attackers, but hopefully it raises the security bar just a little bit
> more to safeguard ourselves from hackers.

As others have mentioned your code has a variety of flaws.  Assuming
you fix the others, I would also recommend you only list actual Tor
exit nodes rather than all nodes (which include 'middle-man nodes'
which don't allow people to connect to external services).  Middle-man
nodes pose no risk to you or your servers.

> Jason Areff
> CISSP, A+, MCSE, Security+
>
>
> ----------
> security through obscurity isn't security
> ----------

Heh.  I find your .sig rather ironic.

--
Aaron Turner
http://synfin.net/
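As an added illustration of the exit-node point raised in the reply above (this is example code written for this archive page, not the Apache module under discussion and not code from either poster): only relays carrying the Exit flag can open connections to an outside web server, so a blocklist built from every relay in the network denies far more addresses than it needs to. The relay list below is constructed for the example and loosely mirrors the r/s line pairs of a Tor directory consensus; the addresses are documentation ranges, not real relays. The generated block uses Apache 2.4 `Require` syntax.

```python
import ipaddress

# Constructed sample, not real consensus data. Each relay is an "r" line
# (nickname, identity, digest, published date, time, IP, ORPort, DirPort)
# followed by an "s" line listing its flags, loosely mirroring the r/s
# pairs of a Tor directory consensus.
SAMPLE_CONSENSUS = """\
r exitA   IDENT_A DIGEST_A 2006-06-05 10:00:00 192.0.2.10   9001 9030
s Exit Fast Running Stable Valid
r middleB IDENT_B DIGEST_B 2006-06-05 10:00:00 192.0.2.20   9001 0
s Fast Running Stable Valid
r guardC  IDENT_C DIGEST_C 2006-06-05 10:00:00 198.51.100.5 443  80
s Fast Guard Running Stable Valid
r exitD   IDENT_D DIGEST_D 2006-06-05 10:00:00 203.0.113.77 9001 9030
s Exit Fast Guard Running Valid
"""


def parse_relays(text):
    """Return a list of {'nick', 'ip', 'flags'} dicts, one per r/s pair."""
    relays = []
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 7:
            # r nick identity digest date time ip orport dirport
            current = {"nick": parts[1], "ip": parts[6], "flags": set()}
            relays.append(current)
        elif parts[0] == "s" and current is not None:
            # Flags apply to the most recent "r" line.
            current["flags"] = set(parts[1:])
    return relays


def all_addresses(relays):
    """Every relay address: the over-broad list the reply warns against."""
    return sorted({r["ip"] for r in relays}, key=ipaddress.ip_address)


def exit_addresses(relays):
    """Only relays with the Exit flag can connect outward to a web server."""
    addrs = set()
    for r in relays:
        if "Exit" in r["flags"]:
            # ip_address() rejects malformed entries before they reach the config.
            addrs.add(str(ipaddress.ip_address(r["ip"])))
    return sorted(addrs, key=ipaddress.ip_address)


def apache_deny_block(addrs):
    """Render an Apache 2.4 access-control block denying the given addresses."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {a}" for a in addrs]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    print(f"all relays: {len(all_addresses(relays))}, "
          f"exit relays: {len(exit_addresses(relays))}")
    print(apache_deny_block(exit_addresses(relays)))
```

Run stand-alone, the script reports 4 relay addresses in total but only 2 exit addresses, and emits a `Require not ip` line for each of the two. Middle and guard-only relays never appear in the block, which is the narrowing the reply recommends.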

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

