[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Why TOR Operators SHOULD always sniff their exit traffic...

To: or-talk@xxxxxxxxxxxxx
Subject: Why TOR Operators SHOULD always sniff their exit traffic...
From: tor <tor@xxxxxxxxxxxxxxx>
Date: Wed, 08 Jun 2005 12:51:04 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 08 Jun 2005 15:48:55 -0400
In-reply-to: <42A742AB.1060807@algae-world.com>
References: <20050608185712.43788.qmail@web26404.mail.ukl.yahoo.com> <42A742AB.1060807@algae-world.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)

gee this just hit slashdot a while ago...

yet another reason sniffing is a GOOD thing for tor operators...

*Schneier on Attack Trends: More Complex Worms*
Worms <http://slashdot.org/search.pl?topic=220>

*Posted by timothy <http://www.monkey.org/%7Etimothy/> on Wednesday June 08, @12:39AM* *from the malice-on-the-loose dept.* Gary W. Longsine <http://intrinsicsecurity.com/> writes /"Bruce Schneier has posted an interesting entry on expected attack trends <http://www.schneier.com/blog/archives/2005/06/attack_trends_2.html> to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG <http://www.symantec.com/avcenter/venc/data/w32.spybot.keg.html> worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ID>"/

tor wrote:

Gee... if it can be exposed by sniffing then it isnt much of a privacy network. Tor operators/developers should Always sniff their servers traffic at least occasionally to see if holes or information is being exposed.
 A tor/patcher who always sniffs his server traffic
a tor user ps not only is it NOT rude it is completely legal in the US at least to monitor the traffic to/from a given server if you own that server, this is completely a legal action under ECPA.
 Robert Mischke wrote:
--- "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx> schrieb:
On Wed, Jun 08, 2005 at 06:48:24PM +0100, Adam
Langley wrote:
:You could port sniff outbound 6667 ports with
tcpdump or ethereal.
that's a bit rude,
Not only rude, but illegal in several countries. Of
course, this can be done in secrecy, but I think
advocating sniffing in the context of a privacy
network is Not A Good Idea (tm).
Regards,
Robert
___________________________________________________________ Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de

Follow-Ups:
- Re: Why TOR Operators SHOULD always sniff their exit traffic...
  - From: Chris Palmer
- Re: Why TOR Operators SHOULD always sniff their exit traffic...
  - From: Kristian Köhntopp

References:
- Re: IRCNet abuse
  - From: Robert Mischke
- Re: IRCNet abuse
  - From: tor

Prev by Author: Re: IRCNet abuse
Next by Author: Re: IRCNet abuse
Previous by thread: Re: IRCNet abuse
Next by thread: Re: Why TOR Operators SHOULD always sniff their exit traffic...
Index(es):
- Author
- Thread