Re: Scanning trough proxy, including Tor: Ethical consideration

[Fyodor <fyodor () nmap org>]

On Tue, Jul 14, 2015 at 4:44 AM, Fabio Pietrosanti (naif) - lists <
lists () infosecurity ch> wrote:

> Regarding the high-performance scanning trough proxy, including and
> especially Tor, did you considered the ethical aspects of such
> implementation?

Hi Fabio. It's an important concern, and one I also had many years ago when
we started taking the first tentative steps toward support for scanning
through Tor. I wasn't sure whether Tor developers would appreciate this
feature for the value it can add in using and debugging connectivity
through Tor nodes, or consider it a negative for the Tor Project due to
abuse potential.  But I've spoken with many Tor developers and I don't
think any of them have tried to dissuade us from adding this.  To the
contrary, they commonly asked me unprompted when we will finally add better
Tor support to Nmap.  And several of them have even contributed patches.
For example, Tor developer Jacob Appelbaum (@ioerror) wrote one of the
first proof of concept patches for scanning through Tor with Nmap back in
2009.  He checked it into our svn tree here:

https://svn.nmap.org/nmap-exp/ioerror/nmap-proxy/?p=25000

And ioerror isn't the only Tor developer who has contributed patches to
enhance Nmap's ability to scan through Tor. So my hope, and my current
understanding, is that the Tor Project folks will appreciate this new
feature.  Some people will probably abuse it, and that is unfortunate.  But
if the Tor folks wanted to hold back technology because of the potential
for abuse, well, they'd have probably shut down the whole Tor network and
project by now.

Cheers,
Fyodor

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/