[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Police was here - whats next?

> I ran a tor exit node at that time, and I am confident somebody
> mis-used our tor exit node, as our WLAN is WPA2 encrypted.

This is one reason that if you are in any way [1] mixing:
a) your own use of the internet/Tor
b) running an exit relay
you should seriously consider logging either:
a) your own traffic (whether via internet or Tor)
b) exit traffic
c) both
To cover your ass. At least this way you'll have some form of
log you can present if needed to give more weight to an

This is easily accomplished by segmenting your network
into separate VLAN's or interfaces and using passive
monitoring such as netflow or tcpdump to capture IP
traffic headers.
It's also easy to encrypt the logs of at least your own traffic
to prevent needless profiling from that data source
should your systems be borrowed against your will.

I'm sure others will argue 'logging bad' and 'legal footing',
so I won't cover those aspects here. To each their own.

[1] Shared computers, IP addresses, physical location,
cohabitation, owners, etc.
tor-talk mailing list