Re: Banned from Slashdot
goodell@xxxxxxxxxxxxxxxxxxxxxxxxxx (Geoffrey Goodell) writes:
> On Mon, May 30, 2005 at 01:06:10PM -0400, Jamie McCarthy wrote:
> > Tor's banned from posting to Slashdot, at least posting
> > anonymously, because of extended abuse. We hope we don't have
> > to ban _reading_ from Tor, but that depends on the level of
> > abuse we see. If anyone has an alternative, please let me
> > know.
>
> Under what circumstances would Slashdot be forced to ban reading
> from Tor? It seems to me that the only way in which reading can
> be abusive is a packet storm, and the throughput of Tor is simply
> insufficient to accommodate this sort of abuse.
Any site with dynamically generated content can be attacked by
accessing URLs that require significant resources to return data.
If you need me to give examples, contact me off-list, but you can
probably think of some on your own.
> > Is there any interest in having Tor's exit nodes check a
> > standard location on websites that are being connected to, to
> > see if that site has a policy about what anonymizing networks
> > should and should not be allowed to do? For example, if we
> > could put a machine-parseable file at a standard URL on
> > slashdot.org that would ask Tor not to transmit POST requests
> > to any URL on our site beginning with "/comments.pl", that
> > would be a way to minimize attackers' damage. A way to request
> > rate-limiting would be welcome too. Any ideas?
>
> Tor does not in any way examine the application-layer contents of
> the TCP streams it transports. Thus, it would not be possible
> for Tor to recognize an HTTP request, put it on hold for a
> moment, transmit an additional HTTP request, wait for the
> response, use the response to check to see if the particular HTTP
> request it received meets the specified criteria, and then either
> drop or send the original request.
I think it would indeed be possible for an exit node to do that.
If you mean that Tor was not designed to do that as a matter of
policy, then I guess I'm suggesting the policy could be changed. If
there's some technical reason, then I apologize for my ignorance (and
please explain!).
Obviously someone recognized that Tor could be used to abuse SMTP
resources and configured the default exit node policy to block
sending mail. That doesn't mean Tor's designers are opposed to
anonymity in email, it just means blocking that kind of attack makes
sense. Well, HTTP is the new SMTP, in that it can be abused in
similar ways. Different OSI layer, same problem.
> However, it might be interesting to design an HTTP proxy to be
> positioned between the browser and Tor such that the proxy
> requests the policy statement from the target webserver via Tor
> and then issues the HTTP request if the policy is satisfied. Of
> course, this would be opt-in;
Right, and of course attackers don't opt in.
> the webserver could still expect to see requests that do not
> conform to policy. On the other hand, in this case the webserver
> maintainer would have a stronger argument for rejecting requests
> from all Tor nodes that do not conform to policy. I suppose that
> whether this is or is not valuable is debatable.
I'm a bit confused about how my site could make the determination
whether to reject such requests, but in any case, this would still
put a large burden on webmasters to protect their sites. There are
many thousands of people on the web administering hundreds of
different software packages that all allow user posting in some
way. Should programmers write and distribute hundreds of different
ways to limit or block Tor exit nodes from posting? Or does it
make more sense for Tor's designers to recognize that, like SMTP,
HTTP can be used to spam, and implement a default exit node policy
that makes it as easy as possible for all those administrators to
limit damage?
By the way, would anyone be interested in rewriting section 7.3.3 of
the FAQ to be a little less confrontational? I think Tor's
designers and many website maintainers (me in particular) are on the
same side, not "adversaries" as someone else on this list described.
I'm not claiming anyone's an "evil hacker," I don't have anything
against privacy, and I don't need to be persuaded to allow Anonymous
Cowards to post to Slashdot! :)
--
Jamie McCarthy
jamie@xxxxxxxxxxxx
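The client-side check Goodell sketches above (a proxy between the browser and Tor that fetches a site's policy statement, then only issues the request if the policy is satisfied), written out as an added example in Python. This is not code from the thread, from Slashdot or from the Tor project. The policy file format, its well-known location /anon-policy.txt, the sample policy text and the offline fetch stub are all assumptions made here; the thread proposes the idea but names no format. The example also adds the rate-limit request from the same proposal, tracked per (host, client) in a sliding window.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample policy in a hypothetical format (loosely modeled on
# robots.txt).  "Disallow" names an HTTP method and a path prefix, as in the
# thread's "no POST to anything under /comments.pl" wish.
SAMPLE_POLICY = """\
# Anonymizing-network policy (hypothetical format)
Disallow: POST /comments.pl
Disallow: POST /submit.pl
Rate-limit: 5 per 60
"""

POLICY_PATH = "/anon-policy.txt"   # hypothetical well-known location


@dataclass
class Policy:
    disallow: list = field(default_factory=list)   # [(METHOD, path prefix), ...]
    rate_limit: tuple = None                        # (max_requests, window_seconds)


def parse_policy(text: str) -> Policy:
    """Parse the hypothetical policy format; comments and unknown lines are ignored."""
    policy = Policy()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "disallow":
            method, _, prefix = value.partition(" ")
            if method and prefix.startswith("/"):
                policy.disallow.append((method.upper(), prefix))
        elif key.lower() == "rate-limit":
            count, _, window = value.partition(" per ")
            if count.isdigit() and window.isdigit():
                policy.rate_limit = (int(count), int(window))
    return policy


def parse_request_line(line: str):
    """Split an HTTP request line into (METHOD, path); the query string is dropped."""
    method, target, _version = line.split(" ", 2)
    return method.upper(), urlsplit(target).path


def request_allowed(policy: Policy, method: str, path: str) -> bool:
    """True unless some Disallow rule matches the method and the path prefix."""
    return not any(method == m and path.startswith(p) for m, p in policy.disallow)


class RateLimiter:
    """Sliding-window limiter: allow() is False once the window holds max_requests hits."""
    def __init__(self):
        self._hits = defaultdict(deque)

    def allow(self, key, limit, now: float) -> bool:
        max_requests, window = limit
        hits = self._hits[key]
        while hits and now - hits[0] >= window:   # drop hits older than the window
            hits.popleft()
        if len(hits) >= max_requests:
            return False
        hits.append(now)
        return True


class PolicyProxy:
    """The proxy logic: fetch and cache a host's policy, then decide per request."""
    def __init__(self, fetch_policy):
        self._fetch = fetch_policy      # callable(host, path) -> policy text or None
        self._cache = {}
        self._limiter = RateLimiter()

    def policy_for(self, host: str) -> Policy:
        if host not in self._cache:     # one policy fetch per host, not per request
            text = self._fetch(host, POLICY_PATH)
            self._cache[host] = parse_policy(text) if text else Policy()
        return self._cache[host]

    def decide(self, host: str, request_line: str, client: str, now: float) -> str:
        """Return "allow", "deny" or "rate-limited" for one request."""
        method, path = parse_request_line(request_line)
        policy = self.policy_for(host)
        if not request_allowed(policy, method, path):
            return "deny"
        if policy.rate_limit and not self._limiter.allow((host, client), policy.rate_limit, now):
            return "rate-limited"
        return "allow"


def fake_fetch(host: str, path: str):
    """Offline stand-in (constructed) for an HTTP GET of the policy file via Tor."""
    return SAMPLE_POLICY if host == "slashdot.org" and path == POLICY_PATH else None


if __name__ == "__main__":
    proxy = PolicyProxy(fake_fetch)
    for line in ("GET /comments.pl?sid=1 HTTP/1.1", "POST /comments.pl?sid=1 HTTP/1.1"):
        print(line, "->", proxy.decide("slashdot.org", line, "client-1", 0.0))
```

A host that publishes no policy file gets an empty Policy, so every request passes; denied requests are not counted against the rate limit, only those actually forwarded. As McCarthy points out in the reply, this only constrains clients that opt in to running such a proxy, so it is a courtesy mechanism rather than a defence against an attacker.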