On Mon, May 30, 2005 at 01:06:10PM -0400, Jamie McCarthy wrote:
> Tor's banned from posting to Slashdot, at least posting anonymously,
> because of extended abuse. We hope we don't have to ban _reading_
> from Tor, but that depends on the level of abuse we see. If anyone
> has an alternative, please let me know.

Under what circumstances would Slashdot be forced to ban reading from Tor? It seems to me that the only way in which reading can be abusive is a packet storm, and the throughput of Tor is simply insufficient to accommodate this sort of abuse.

> Is there any interest in having Tor's exit nodes check a standard
> location on websites that are being connected to, to see if that
> site has a policy about what anonymizing networks should and should
> not be allowed to do? For example, if we could put a
> machine-parseable file at a standard URL on slashdot.org that would
> ask Tor not to transmit POST requests to any URL on our site
> beginning with "/comments.pl", that would be a way to minimize
> attackers' damage. A way to request rate-limiting would be welcome
> too. Any ideas?

Tor does not in any way examine the application-layer contents of the TCP streams it transports. Thus, it would not be possible for Tor to recognize an HTTP request, put it on hold for a moment, transmit an additional HTTP request, wait for the response, use the response to check to see if the particular HTTP request it received meets the specified criteria, and then either drop or send the original request.

However, it might be interesting to design an HTTP proxy to be positioned between the browser and Tor such that the proxy requests the policy statement from the target webserver via Tor and then issues the HTTP request if the policy is satisfied. Of course, this would be opt-in; the webserver could still expect to see requests that do not conform to policy. On the other hand, in this case the webserver maintainer would have a stronger argument for rejecting requests from all Tor nodes that do not conform to policy. I suppose that whether this is or is not valuable is debatable.

Geoff
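The policy check that a client-side proxy of the kind described in the message above would run before forwarding a request, as an added example that is not part of the original message or of Tor. The `Deny:` / `Rate-Limit:` syntax and all function names are hypothetical, and the request target is assumed to be an origin-form path with an optional query string.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample policy in a hypothetical syntax (no such standard exists).
SAMPLE_POLICY = """\
# anonymizer policy
Deny: POST /comments.pl
Rate-Limit: 10/60
"""

def parse_policy(text):
    """Return (deny_rules, rate_limit); unknown or malformed lines are skipped."""
    deny, rate = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "deny":
            fields = value.split()
            if len(fields) == 2 and fields[1].startswith("/"):
                deny.append((fields[0].upper(), fields[1]))
        elif key.lower() == "rate-limit":
            count, _, window = value.partition("/")
            if count.isdigit() and window.isdigit():
                rate = (int(count), int(window))  # requests per seconds
    return deny, rate

def canonical_path(target):
    """Decode and normalize the path so encoded, doubled-slash or dotted
    spellings of a denied prefix still match the rule."""
    path = unquote(target.split("?", 1)[0])
    trailing = path.endswith("/")
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path + "/" if trailing and path != "/" else path

def is_allowed(deny_rules, method, target):
    """True if the proxy may forward this request under the site's policy."""
    path = canonical_path(target)
    return not any(m == method.upper() and path.startswith(prefix)
                   for m, prefix in deny_rules)
```

The rate limit is only parsed here; enforcing it would need per-site request timestamps kept by the proxy.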