[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: blocking google groups [was Re: ExitPolicy abuse]

To: or-talk@xxxxxxxxxxxxx
Subject: Re: blocking google groups [was Re: ExitPolicy abuse]
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 9 Feb 2005 05:45:36 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 09 Feb 2005 05:45:55 -0500
In-reply-to: <4209DB55.1070105@pobox.com>; from vgough@pobox.com on Wed, Feb 09, 2005 at 10:43:49AM +0100
References: <ea4f23c2d16ada8345e8dfd8069e46b5@wiw.org> <6ca73f6505020901317d2ce167@mail.gmail.com> <4209DB55.1070105@pobox.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.2.5.1i

First, to SK: yes, middleman nodes are still very useful. Remember that
two of the three hops in the circuit are on nodes other than the exit
node. Also, since Tor's security comes from the diversity of its network,
letting people *enter* at your node is very helpful to security.

On Wed, Feb 09, 2005 at 10:43:49AM +0100, Valient Gough wrote:
> I also got a report recently from someone about UUNet abuse through 
> Google.  Apparently they had reported it to google, but never got an 
> answer (not surprising, in my experience google is very slow to respond 
> to mail, if they ever respond).  I think the problem lies with google - 
> they are acting as a proxy from HTTP -> UUNet and not filtering spam 
> along the way.

(I assume you mean Usenet.)

Hm, this is a tricky one. For example, if Google starts filtering posts,
liability issues may come up. Also, Google tends to get bad publicity
when they do things that can be seen as "censorship."

> So until google fixes the problem, I've rejected access to google's 
> network.  I don't know how many ways groups.google.com may be accessed, 
> but my first stab is to block 216.239.37.0/24 , which contains the 3 
> servers listed right now in DNS.

Ok, but groups.google.com is an alias for groups.google.akadns.net,
which doesn't bode well for easily enumerating its addresses. :)

> Perhaps over time we're going to have to build up a list of networks 
> that are wide open for abuse, like google groups, which we may want to 
> block in a default exit policy..

Right.

I'll have a talk with some Google security folks about this, and see how
they feel about this particular example of abuse. Thanks for bringing
it up.

Thanks,
--Roger

Follow-Ups:
- Re: blocking google groups [was Re: ExitPolicy abuse]
  - From: Valient Gough

References:
- ExitPolicy abuse
  - From: Christopher Heschong
- Re: ExitPolicy abuse
  - From: SK
- blocking google groups [was Re: ExitPolicy abuse]
  - From: Valient Gough

Prev by Author: Re: Which signature to use?
Next by Author: Re: Opt-Out Lists: Useful Feature?
Previous by thread: Re: Opt-Out Lists: Useful Feature?
Next by thread: Re: blocking google groups [was Re: ExitPolicy abuse]
Index(es):
- Author
- Thread