Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

[Robert Ransom <rransom.8774@xxxxxxxxx>]

On 2011-12-21, Chris <tmail299@xxxxxxxxxxx> wrote:
>>> So please, don't bother with that justification, a scan like that would
>>> probably just be one scan of 10000 you receive every week.
>>
>> The scan which happened yesterday was enough to get the attention of both
>> the
>> university network security team, and the sys-admins of the department
>> which
>> hosts my Tor server. The last time this happened was 2009.
>>
>> It's already difficult enough to host a Tor server, but triggering
>> institutional
>> IDS is only going to make justifying the benefit of running a node harder.
>>
>
> This is a dumb policy although that being said if this is going to have a
> significant negative impact on the Tor network from a bandwidth or
> security (loss of nodes could impact security too) then what about having
> the Tor software do a check on the system? This would bypass the network
> and avoid intrusion detection systems in place on the network. I imagine
> anyway.

All of these ideas about removing allegedly âinsecureâ or âvulnerableâ
relays from the network ignore the fact that someone who wants to
compromise Tor relays and use them to attack Tor users will just make
the relays appear to not be vulnerable, so that they can stay in the
network.  I'm amazed at how many people want us to remove relays which
have definitely not been compromised from the Tor network.


Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk