[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: shadowserver.org



On Mon, Jun 14, 2010 at 10:26:59PM +0100, Al MailingList wrote:
> > How would you block connections to Shadowserver's honeypots?
> 
> Why would you want to do that? The point is someone is using an exit
> node for abuse. If you just prevent abuse to a honey pot, you are just
> covering up the problem - real servers will still be the recipients of
> the abuse?

Well, it depends how much of it is actual abuse. If the only people
complaining are the honeypot, that's a good argument that the honeypot
is overbroad in its notion of abuse.

For example, a while ago we got to deal with SORBS's approach to Tor. They
ran some honeypots on port 6667, and any addresses that connected to
those honeypots got onto their spam (port 25) blacklist. They didn't
know or care that Tor relays have exit policies, meaning they can allow
connections to port 6667 while not allowing connections to port 25.

(The result was a stand-off where SORBS declared that it hated anonymity
and wanted to kill the whole idea of Tor... but that's a separate
discussion. :)

More generally, your point is a good one that the Tor network would
do a lot better if it generated less abuse. But from talking to the
exit relay operators, they see very few abuse complaints per kilobyte
handled. Part of the challenge is that people who think anonymity can't
be very popular look at the Tor network, figure it has roughly no users,
see that it generates abuse complaints, and leap to the conclusion that
most Tor users are abusing it. After all, if Tor is succeeding, nobody
notices. And in fact Tor handles hundreds of thousands of users daily.

People reading this thread might also like reading
https://www.torproject.org/faq-abuse

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/