[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Wed, 21 Dec 2011 14:14:50 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Dec 2011 08:15:12 -0500
In-reply-to: <20111221125902.GA28637@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4EF04331.20708@xxxxxxxxxxxxxxx> <CAD8GWstvNas1A8oqPUmruHGFSHvPkGaER+3WdjHa910ZZoqC-w@xxxxxxxxxxxxxx> <4EF0D586.7040305@xxxxxxxxxxxxxxx> <20111221125902.GA28637@xxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Thunderbird/3.1.16

On 12/21/11 1:59 PM, Steven J. Murdoch wrote:
> On Tue, Dec 20, 2011 at 07:35:50PM +0100, Fabio Pietrosanti (naif) wrote:
>> Please, get an public IP address, don't announce it, don't do anything.
>> Now please have a look, without even being a Tor Server, how many mass
>> scan your receive.
>>
>> So please, don't bother with that justification, a scan like that would
>> probably just be one scan of 10000 you receive every week.
> 
> The scan which happened yesterday was enough to get the attention of both the
> university network security team, and the sys-admins of the department which
> hosts my Tor server. The last time this happened was 2009.

That's probably the rate used to get fast scanning (-T Insane) that
caused triggering of an IDS alert (number of packets / time).

Apologise for that (it probably sent 1354 packet in 1 second).

Howevr this behaviour could be fixed by reducing the rate of packet
sending, spreading the portscan during a long time.

The "-F" of nmap scan 1-1024 port + /etc/services.
Nmapping from a debian system they are 1354 port.

If we would send "1 packet" every minute, it would take about 22hours to
complete the scan, bypassing almost any portscan detection system.

That way it would still be possible to map the opened ports / service
version, but without creating alarm or abuse complain.

What do you think?

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Steven J. Murdoch

References:
- [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Lee
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Steven J. Murdoch

Prev by Author: [tor-talk] On verifying security of Tor Routers idea
Next by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Previous by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Index(es):
- Author
- Thread