Re: Re: blocking tor is not the right way forward. It may just be the right way backward.

["John Sprocket" <sargoniv () gmail com>]

well, let's look at it like this. in my opinion it seems moreso not being in
fear of bugs and
being ./hacked-with-latest-php-bug. in my opinion, i feel it's this user is
visiting a host
anonymously. meaning he's got something to hide.

if someone is a guest inside my establishment and they have something to
hide. it makes one wonder, doesn't it? would it be wrong for me to
categorize a tor user and say for
example ask them why they choose to be anonymous on a specific webpage? it's
my home is it not?

i think a problem of jason areff's module is he was thinking narrowmindedly.
what would
be nicer and less obnoxious is categorizing or labeling a tor user as being
anonymous.
of course, it's common sense that an attacker will work around this. but tor
is a
community supported utility, it's known to provide anonymity. people know
about it,
people incapable of coming up with a workaround to avoid being identified as
tor use
it for anonymity (being malicious or not). it "can" be identified according
to the wiki. why not categorize or label them as being tor? it is my home
after all. i'd like to know if
someone insists on being anonymous while inside my house. it's categorizing
someone using a known and community supported tool.

and sure, he sucks at code. but it's a start for him to get an idea he had
into
motion. hell, this could probably be one of his first programs. ;)
if he knew how to code, he'd write a lexer for the cached-directory
like it's stated in the docs.

jason,
you should probably follow this code, and make it so it caches it in an
indexed table
perhaps. make it update at some interval of course.
http://tor.eff.org/cvs/tor/contrib/exitlist

.sargoniv

On 6/6/06, Sol Invictus <sol () haveyoubeentested org> wrote:
> There is one simple (from management's point of view) way to solve this
> issue.
>
> DEFAULT DENY and monitor everything else.
>
> That way whenever someone uses a legitimate path for something not
> legit, it will be caught.
>
> Why do you think they posted guards at the gates of old castles?  Create
> the chokepoint and search everyone.
>
> Sol.
>
> Joel Jose wrote:
>
> > see, its pitty how we dont understand that we are trying to defend
> > using the wrong principles.
> >
> > just like the other poster pointed out.. protect your data == plug
> > holes + preserve + restore data.. != go for a witch hunt.
> >
> > moreover.. we when "blocking" tor and denying access are assuming 3
> > things :
> > 1) tor cannot be recreated(dont bet on that.. imagine a tor-2 network
> > which corrects(takes different policy measures) the blacklisting
> > facility, if we hold the rope so tight as to choke.. the privacy
> > people and the community will come up with a better and more effective
> > tool.. )
> > 2) scarce resources is the way forward. Cmon public open proxies, tor
> > like public projects..etc are not "scarce" resource for the attacker..
> > but it is a scarce resource for the users... dont get fooled..
> > ofcourse all it takes for a determined(and well funded) attacker is
> > "shift" his cables to get onto a different network to attack you ;)
> > 3)TOR is not the problem.. its a solution for privacy... it would be
> > much better if you try to find time to code for better webserver
> > protections against a dos.. or even write a patch for that new
> > full-disclosure vulnerability.. did i say proof-of-concept.. yikes..
> > ;)
> >
> > PS : ofcourse right now discussions are on on how to "label" / "mark"
> > tor users so that CIA triad is maintained for resources accessed by
> > tor users having different access privileges. psuedonyms are a serious
> > model thats being considered and researched...
> >
> > joel.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/