Thus spake Gregory Maxwell (gmaxwell@xxxxxxxxx): > On Sat, Jan 29, 2011 at 9:56 PM, grarpamp <grarpamp@xxxxxxxxx> wrote: > >> I dont see how to recognize if the traffic is recorded? Various research groups occasionally experiment with using side channels for detecting recording exits. Their results are not usually reproducible, though (no source code, poor design, poor quality control, too easy to mitigate, etc). :/ They do occasionally find interesting stuff. But then they either publish, or get rejected, and then shut down their code and forget about it. > Instead, I think that nodes which exit _only_ to the unencrypted > version of a service (e.g. 80 but not 443) should be excluded from > operating as exits entirely (except as enclaves). In this way these > nodes would be force to "pay their way". We can't stop them from > sniffing, but at least we can make them carry traffic they can't sniff > as part of the cost of doing their evil business. They could do things > like severely throttle encrypted traffic, but that is activity that > testing could detect. > > As far as that exit policy goes, the RFC1918 blocks might be there in > an ignorant attempt to trigger the exit flag for completely benign > reasons, though sniffing sounds more likely. I agree. We already have scripts to detect this, we just have not yet decided to actually use them yet. I believe we should. Currently, 5 nodes exit to *only* plaintext ports for web and email. There are about 50 others that exit to the plaintext versions for web or email. I believe we hould ban these 5 immediately, and consider banning the other 50 after issuing the appropriate announcements. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpG0g3yHwW9G.pgp
Description: PGP signature