Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: blocking tor is not the right way forward. It may just be the right way backward.

From: "John Sprocket" <sargoniv () gmail com>
Date: Sat, 3 Jun 2006 16:15:49 -0400
so you're saying sacrifice the ability for a identifying legit attacker for
the
sake of allowing privacy for the masses? okay, sure. i never really
cared about my data in the first place. ;-)

attackers have other ways, most definitely. but why use one of those other
methods (proxying through a botnet) when you have tor already available
to you?

don't get me wrong by the way. i use tor all the time. and i'm a pretty
legit tor user if i say so myself :), but i can understand why someone would
want to block it. i imagine a forensics person looks and sees a tor ip and
thinks "okay. i just deadended. there's nothing i can do because this is
a tor exit node." with a botnet, most bots can be traced back to their
meeting point which is a little bit more useful.

is there an easier way for denying tor? or instead of denying, how about
identifying a user as being tor and then redirecting them to a page that
explains why a tor user isn't allowed to visit a specific website.
if there's a better way to identify a tor user (malicious or not),
perhaps the list will benefit from it and come up with a better solution.

On 6/3/06, Joel Jose <joeljose420 () gmail com> wrote:


its not just fair game. we had discussed it in tor irc chan. ok so you
just made a apache mod for the black list. tor always did and always do
allow anyone to block tor users if they please. but the easiness which tor
gives for the blocking must not be overused to deny tor communications even
for legitimate purposes(definition vague).

hopefully the blacklists, apache mods.. and other methods of blocking tor
are not "default" enabled. And hopefully the security cookbooks and other
HOWTO's dont come with a default recommendation to enable these tor blocking
modules.

The admin needs to be educated about tor. Ideally he must be able to
decide for himself the balance betrween anonimity and performance. He should
be empowered to take his own decision. An educated and well informed
decision. Remember " if privacy is outlawed, only outlaws will have
privacy".. and hackers have better ways to protect their privacy.. but as of
today.. legitimate users dont have that luxury.. tor is thier most practical
hope.

joel.

--
As soon as men decide that all means are permitted to fight an
evil, then their good becomes indistinguishable from the evil
that they set out to destroy.
                      - Christopher Dawson, The Judgment of Nations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: