Full Disclosure mailing list archives

Re: Tool Release - Tor Blocker

From: Bill Weiss <houdini+full-disclosure () clanspum net>
Date: Sat, 3 Jun 2006 23:15:58 +0000

Valdis.Kletnieks () vt edu(Valdis.Kletnieks () vt edu)@Sat, Jun 03, 2006 at 12:59:31AM -0400:

On Fri, 02 Jun 2006 23:47:38 CDT, str0ke said:

Umm what about the new ip addresses that are added to the tor network?

http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1


Ahh.. there we go.  Now a wget of that every once in a while, and a little
bit of Perl kung-foo to build an 'addrs.h' file that gets #include'ed and
then rebuild the module, and we're getting closer. ;)

(And don't forget to throw out any alleged exit addresses in your own
address space, and any other addresses you really don't want to block.
It's embarassing when a clever hacker uses your own security routines to
DoS you ;)


Responding to Jason more than you, Valdis.  Excuse me.

Several remarks:

1) Where did you get that list from?  The Tor server I run (which has
been up continually for over a year) isn't in it.

2) Some of us use our Tor servers for "legitimate" traffic as well.
You'll block all of that traffic.  Are you sure you don't want the
traffic of the 50+ people who use this server?

3) I think you've just suggested giving a webpage (one which may be
hostile towards your goals) control over who can and cannot access your
web server.  What happens if one day that CGI hands you a list containing
every IP in your /24?  I know that, if I ran said webpage, I would be
tempted to do so every once in a while.

Even if you're looking for addresses in your own address space, what
about other useful pages?  Business partners, customers, etc.

4) As others have pointed out, bad choice of a signature for the
beginning of this thread :)

5) Rebuilding (reinserting, etc) the module every time the nodes list
changed (> 1 / day) would suck.

-- 
Bill Weiss
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Tool Release - Tor Blocker, (continued)
- Re: Tool Release - Tor Blocker str0ke (Jun 02)
  - Re: Tool Release - Tor Blocker Jason Areff (Jun 02)
    - Re: Tool Release - Tor Blocker J.A. Terranson (Jun 03)
  - Re: Tool Release - Tor Blocker Andrew Farmer (Jun 02)
  - Re: Tool Release - Tor Blocker Valdis . Kletnieks (Jun 02)
    - Re: Tool Release - Tor Blocker Jason Areff (Jun 03)
    - Re: Tool Release - Tor Blocker Alexander Sotirov (Jun 03)
    - Re: Tool Release - Tor Blocker Jacob Weeks (Jun 03)
    - Re: Tool Release - Tor Blocker Tonnerre Lombard (Jun 03)
    - RE: Tool Release - Tor Blocker php0t (Jun 03)
    - Re: Tool Release - Tor Blocker Bill Weiss (Jun 03)
    - Re: Tool Release - Tor Blocker Bill Weiss (Jun 03)
    - Re: Tool Release - Tor Blocker Marco Ermini (Jun 03)
    - RE: Tool Release - Tor Blocker Dixon, Wayne (Jun 05)
- Re: Tool Release - Tor Blocker Valdis . Kletnieks (Jun 02)
- Re: Tool Release - Tor Blocker Tonnerre Lombard (Jun 03)
  - Re: Tool Release - Tor Blocker John Sprocket (Jun 03)
- Re: Tool Release - Tor Blocker Michael Holstein (Jun 05)
- Re: Tool Release - Tor Blocker Aaron Turner (Jun 05)
  - Re: Tool Release - Tor Blocker mz4ph0d (Jun 05)
- Re: Tool Release - Tor Blocker Fabio Pietrosanti - naif (Jun 03)

(Thread continues...)