[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] new relays

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] new relays
From: Andreas Krey <a.krey@xxxxxx>
Date: Wed, 28 Aug 2013 07:22:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 28 Aug 2013 01:22:33 -0400
In-reply-to: <A3DEC42B-024D-4E68-9993-042228357369@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <521CD93E.5010402@xxxxxxxxxxxxxxxx> <521D06A6.3080903@xxxxxxxxxxxxxx> <A3DEC42B-024D-4E68-9993-042228357369@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.2.1i

On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
>    GET /index.php?file=../../../../../../../etc/passwd
> 
> Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.

No, you can't be sure. That request could quite well be totally legitimate;
you are not in a position to judge for the site owner.

(I'm just fighting against a 'transparent proxy' that thinks
POST with more than 1000 bytes are evil. Please don't add
more points of failure to an already fragile web.)

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] new relays
  - From: mick

References:
- [tor-relays] Being flooded.........
  - From: Allan Moon
- Re: [tor-relays] Being flooded.........
  - From: krishna e bera
- Re: [tor-relays] new relays
  - From: Tor Exit

Prev by Author: Re: [tor-relays] new relays
Next by Author: Re: [tor-relays] A bit more evidence on circuit creation storms
Previous by thread: Re: [tor-relays] new relays
Next by thread: Re: [tor-relays] new relays
Index(es):
- Author
- Thread