[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Automatic vulnerability scanning of Tor Network?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Automatic vulnerability scanning of Tor Network?
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Tue, 20 Dec 2011 09:11:29 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Dec 2011 03:11:49 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Thunderbird/3.1.16

I made a big portscan+app fingerprinting of all Tor exit and Relay:

wget -q -O  /tmp/Tor_ip_list_ALL.csv  \
http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv

nmap -iL /tmp/Tor_ip_list_ALL.csv -F -sS -sV -PI -T Insane \
-oM Tor-Scan-20-12-2011_00_30.out

You can find the result here:
http://infosecurity.ch/Tor-Scan-20-12-2011_00_30.out.gz

It would be interesting to analyze it to understand "what's running" on
Tor Exit and Tor Relays, eventually make up some kind of network
monitoring systems like it's done for Enterprise Security Monitoring
Systems.

IE (automatically):
- Having a periodic portscan + application fingerprinting
- Passing the result to a nessus vulnerability analyzer
- Sending the results to the  contact info
- Repeating the tests every 2 week, sending again the result to the
contact info
- If a "high" vulnerability it's not fixed automatically within 1
months, publish it to the internet

Or a process like that to always know that the "System/Network" security
of computers running Tor it's ok, and if not ok "do something".

Imho it would not be complicated to setup a stuff like that

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Andrew Lewman
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Lee

Prev by Author: Re: [tor-talk] tor-exit running ntop
Next by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Previous by thread: Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."
Next by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Index(es):
- Author
- Thread