[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Banned from Slashdot



On Mon, May 30, 2005 at 01:06:10PM -0400, Jamie McCarthy wrote:
> Tor's banned from posting to Slashdot, at least posting anonymously,
> because of extended abuse.  We hope we don't have to ban _reading_
> from Tor, but that depends on the level of abuse we see.   If anyone
> has an alternative, please let me know.

Under what circumstances would Slashdot be forced to ban reading from
Tor?  It seems to me that the only way in which reading can be abusive
is a packet storm, and the throughput of Tor is simply insufficient to
accomodate this sort of abuse.

> Is there any interest in having Tor's exit nodes check a standard
> location on websites that are being connected to, to see if that
> site has a policy about what anonymizing networks should and should
> not be allowed to do?  For example, if we could put a machine-
> parseable file at a standard URL on slashdot.org that would ask Tor
> not to transmit POST requests to any URL on our site beginning with
> "/comments.pl", that would be a way to minimize attackers' damage.
> A way to request rate-limiting would be welcome too.  Any ideas?

Tor does not in any way examine the application-layer contents of the
TCP streams it transports.  Thus, it would not be possible for Tor to
recognize an HTTP request, put it on hold for a moment, transmit an
additional HTTP request, wait for the response, use the response to
check to see if the particular HTTP request it received meets the
specified criteria, and then either drop or send the original request.

However, it might be interesting to design an HTTP proxy to be
positioned between the browser and Tor such that the proxy requests the
policy statement from the target webserver via Tor and then issues the
HTTP request if the policy is satisfied.  Of course, this would be
opt-in; the webserver could still expect to see requests that do not
conform to policy.  On the other hand, in this case the webserver
maintainer would have a stronger argument for rejecting requests from
all Tor nodes that do not conform to policy.  I suppose that whether
this is or is not valuable is debatable.

Geoff

Attachment: signature.asc
Description: Digital signature