Full Disclosure mailing list archives
Re: Tool Release - Tor Blocker
From: "Aaron Turner" <synfinatic () gmail com>
Date: Mon, 5 Jun 2006 10:38:26 -0700
Inline...

On 6/2/06, Jason Areff <hailtheczar () gmail com> wrote:
> It has come to our attention that the majority of tor users are not actually from China but are rather malicious hackers that (ab)use it to keep their anonymity.

Really? I'm curious where you got those statistics. Are you saying that you broke the anonymity of tor and were able to track down users to their actual location? Or are you just making assumptions based on your limited experience and a few unverified emails?

[snip]

> Otherwise this puts the administrator in responsibility for any malicious actions caused by said user. Forensics is left with a tor exit node.

As others have mentioned, wouldn't it just be a lot easier to secure your server in the first place rather than worrying about who to prosecute after the fact? What are you going to do when you figure out the guy who hacked your box is a 13 yr old kid in Russia or China? In my experience, you're really missing the boat when it comes to securing your systems.

[snip]

> To mitigate most tor attackers we've written an apache module designed to give tor users a 403 error when visiting a specific website. We suggest all administrators who do not wish a malicious tor user to visit and possibly deface their website to enable the usage of this module.

Your module doesn't actually make a determination between "malicious" and "legitimate" users of tor. From where I come from, we call this "throwing the baby out with the bath water".

> This may not get all attackers, but hopefully it raises the security bar just a little bit more to safeguard ourselves from hackers.

As others have mentioned your code has a variety of flaws. Assuming you fix the others, I would also recommend you only list actual Tor exit nodes rather than all nodes (which include 'middle-man nodes' which don't allow people to connect to external services). Middle-man nodes pose no risk to you or your servers.

> Jason Areff CISSP, A+, MCSE, Security+
> ----------
> security through obscurity isn't security
> ----------

Heh. I find your .sig rather ironic.

--
Aaron Turner
http://synfin.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
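The exit-versus-middle-man distinction recommended in the reply above, as an added example that is not part of the original post or of the module it discusses: it keeps only relays whose exit policy summary permits the port a web server listens on. It assumes input in the "r"/"s"/"p" entry layout of Tor's network-status consensus; the function names and the sample relays are hypothetical and constructed.

```python
# Constructed sample in the "r"/"s"/"p" entry layout of a Tor network-status
# consensus. Nicknames, digests and addresses (RFC 5737 ranges) are made up.
SAMPLE_CONSENSUS = """\
r exitA ID1 DG1 2006-06-05 10:00:00 192.0.2.10 9001 0
s Exit Fast Running Valid
p accept 80,443
r middleB ID2 DG2 2006-06-05 10:00:00 192.0.2.20 9001 9030
s Fast Guard Running Stable Valid
p reject 1-65535
r exitC ID3 DG3 2006-06-05 10:00:00 203.0.113.7 443 80
s Exit Running Valid
p accept 20-23,80
r relayD ID4 DG4 2006-06-05 10:00:00 198.51.100.5 9001 0
s Running Valid
p reject 25,80,443
"""


def port_allowed(policy, port):
    """policy is the text after 'p', e.g. 'accept 80,443' or 'reject 1-65535'."""
    action, _, ports = policy.partition(" ")
    listed = False
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            listed = True
            break
    # 'accept' lists the only open ports; 'reject' lists the only closed ones.
    return listed if action == "accept" else not listed


def exit_addresses(consensus, port=80):
    """IPs of relays whose exit-policy summary lets traffic out to `port`."""
    exits, ip = set(), None
    for line in consensus.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            ip = rest.split()[5]  # nickname id digest date time IP ORPort DirPort
        elif kind == "p" and ip and port_allowed(rest.strip(), port):
            exits.add(ip)
    return exits


if __name__ == "__main__":
    print(sorted(exit_addresses(SAMPLE_CONSENSUS)))
```

The policy summary is per port only, so a relay kept by this filter may still refuse a particular destination address; the middle-man relay (`reject 1-65535`) is dropped for every port.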