
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?



On 12/21/11, Justin Aplin <japlin@xxxxxxxxx> wrote:
>
> On Dec 20, 2011, at 6:52 PM, Mike Damm wrote:
>
>> On Dec 20, 2011, at 2:54 PM, "Chris" <tmail299@xxxxxxxxxxx> wrote:
>>
>>>>> Security through obscurity doesn't scale, so what's the problem?
>>>>
>>>> The problem is that I don't know you, I don't know your intentions,
>>>> and I haven't given you permission to do a security audit, free or
>>>> otherwise, on my machine.  You need to GET PERMISSION FIRST or you're
>>>> behaving exactly like those "Tor unfriendly person" you mentioned.
>>>
>>> What are the ethics of the Internet?
>>
>> A smart man once said "be conservative in what you do, be liberal in what
>> you accept from others."
>
> While I totally get both sides of this argument *in theory*, all of this
> sounds a lot to me like getting pissed off about someone ringing your
> doorbell because they didn't mail you an opt-in form first.

Nope.  The probes were annoying, but the killer was my all-in-one
consumer grade router/nat/dhcp server/firewall leaking packets into
what was supposed to be the secure part of my home network.

> Certainly I'd be
> pissed if someone decided to test my home security by trying to jimmy a lock
> or force a door (or even going around seeing if any doors are unlocked,
> despite that being my own bad), but if I'm going to provide a service
> (tor/doorbell) it has to be expected that occasionally someone unexpected is
> going to use it, whether this is a pleasant surprise
> (girl-scouts/friendly-researcher) or a hell of an annoyance
> (traveling-salesman/malicious-hacker).
>
> /contrived analogy
>
> At any rate, since you've found that your view of ethics clearly does not
> match many others' on the internet, and have since taken your node(s) down,
> why is this still an issue?

It isn't.

> Mike's advice is really the best way to go here.

Wrong.  The quote is from section 2.10 of RFC 793

  TCP implementations will follow a general principle of robustness:  be
  conservative in what you do, be liberal in what you accept from
  others.

Things have changed since 1981.  Being liberal in what you accept from
others on the Internet now gets you pwned.

Lee


>
> ~Justin Aplin
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>