nanog mailing list archives
Re: Tor and network security/administration
From: Lionel Elie Mamane <lionel () mamane lu>
Date: Mon, 19 Jun 2006 08:05:35 +0200
On Sat, Jun 17, 2006 at 08:49:43AM -0500, Kevin Day wrote:
On Jun 17, 2006, at 8:29 AM, Jeremy Chadwick wrote:
Being as I'm not a network administrator myself (although I do filter some stuff using pf and ipfw on my severs), I'm curious what NAs think of the following technology:
We've had considerable problems with Tor.
Idiots who like to use stolen credit cards to buy things online find Tor a nice haven of deniability and covering their tracks.
Our IRC servers, and discussion sites also have had to ban all Tor IPs that we've seen because of troublemakers using them to evade bans.
I don't find the anonymity a bad thing, but I would be a whole lot happier if the default configuration for people running Tor servers included an option to add HTTP headers saying that it's going through Tor, so we could decide if we wanted to conduct financial transactions with them or not.
You don't do your financial transactions over HTTPS? If you do, by the very design of SSL, the tor exit node cannot add any HTTP header. That would be a man-in-the-middle attack on SSL. (Unless you count that users will click "accept" on any "this could be a forged certificate" warning.) More generally, tor is not an HTTP proxy, but a TCP proxy. Which doesn't mean it cannot (as in "there is a Turing machine that does it") also go up from layer 4/5 to layer 7 for certain specific application protocols; it would only be harder, ask for more resources from the node, ... -- Lionel
Current thread:
- Tor and network security/administration Jeremy Chadwick (Jun 17)
- Re: Tor and network security/administration Kevin Day (Jun 17)
- Re: Tor and network security/administration Lionel Elie Mamane (Jun 18)
- Re: Tor and network security/administration Todd Vierling (Jun 19)
- Re: Tor and network security/administration Lionel Elie Mamane (Jun 20)
- Re: Tor and network security/administration Todd Vierling (Jun 21)
- Re: Tor and network security/administration Lionel Elie Mamane (Jun 21)
- Re: Tor and network security/administration Kevin Day (Jun 21)
- Re: Tor and network security/administration Todd Vierling (Jun 21)
- Re: Tor and network security/administration Kevin Day (Jun 21)
- Re: Tor and network security/administration Lionel Elie Mamane (Jun 18)
- Re: Tor and network security/administration Todd Vierling (Jun 21)
- Re: Tor and network security/administration Jeremy Chadwick (Jun 21)
- Re: Tor and network security/administration Steve Atkins (Jun 21)
- Re: Tor and network security/administration Kevin Day (Jun 17)