Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
On Sunday 27 February 2011 11:59:47 mick wrote:
> Hmmm. Maybe I should have said "should" rather than "would". And you
> seem to have missed the point about network scanning being illegal
> in some jurisdictions. Section 3 of the UK Computer Misuse Act of 1990,
> as amended by the Police and Justice Act of 2006 makes such
> "reckless" activity an offence.
<snip>
> And regardless of the legality of the action, the AUPs of the service
> providers that most of us use for our tor nodes will specifically
> preclude network scanning (along with mail spamming etc). This means
> that providers could (as has been the case for Bianco Veigel) get
> irritated enough to shut down the service.
<snip>
> If my exit node was cited as the source of potentially
> hostile network scanning and my MSP /did/ pull the plug, I'd be
> disappointed, and tor would be shy of at least one exit
> node. But if I believed that the activity was the result of
> some "reputable" researcher simply using tor for his or her
> own ends /without/ warning tor relay owners, I'd be pretty
> pissed off.
>
> I'd welcome the views of other node providers here.
Here's my proposal: Add a parameter PortScanLimit to the relays section of
torrc. It can be set to any nonnegative integer. If PortScanLimit is n>0,
then as soon as a circuit has made n failed attempts to connect, the relay
shuts down the circuit. If PortScanLimit is 0, there is no limit on failed
attempts to connect. Relay operators in jurisdictions or ISPs that prohibit
port scanning can set this to, say, 10, and relay operators not in such
jurisdictions who have no qualms about their exit node being used for
scanning can set it to 0. This parameter should not be listed in the
directory; any client running a port scan will eventually find an exit that
allows scanning, if there are any.
cmeclax
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
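
A small model of the per-circuit counter proposed in the message above, as an added example that is not part of the original post and is not Tor code. PortScanLimit is the proposal's name for an option that is only suggested here; the struct and function names are hypothetical, and counting failures cumulatively (a success does not reset the count) is one reading of "n failed attempts".

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-circuit state for this model; not Tor's circuit_t. */
typedef struct {
    unsigned failed_connects;  /* failed exit connection attempts so far */
    bool closed;               /* set once the relay tears the circuit down */
} model_circuit;

/* Record the outcome of one exit connection attempt on a circuit.
 * port_scan_limit is the proposed PortScanLimit value: 0 means no limit,
 * n > 0 means close the circuit as soon as it has n failed attempts.
 * Returns true if the circuit is still usable after this attempt. */
bool record_connect_result(model_circuit *c, bool connected,
                           unsigned port_scan_limit)
{
    if (c->closed)
        return false;          /* nothing more is relayed on a closed circuit */
    if (!connected) {
        c->failed_connects++;
        if (port_scan_limit > 0 && c->failed_connects >= port_scan_limit)
            c->closed = true;
    }
    return !c->closed;
}

/* Replay a sequence of outcomes (1 = connected, 0 = failed) on a fresh
 * circuit and return how many attempts were processed before it closed. */
unsigned attempts_processed(const int *outcomes, unsigned n, unsigned limit)
{
    model_circuit c = {0, false};
    unsigned done = 0;
    for (unsigned i = 0; i < n && !c.closed; i++) {
        record_connect_result(&c, outcomes[i] != 0, limit);
        done++;
    }
    return done;
}

int main(void)
{
    /* Constructed sample: one circuit hitting mostly closed ports. */
    const int scan[] = {0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    unsigned n = sizeof scan / sizeof scan[0];
    printf("PortScanLimit 10: %u attempts\n", attempts_processed(scan, n, 10));
    printf("PortScanLimit 0:  %u attempts\n", attempts_processed(scan, n, 0));
    return 0;
}
```

The limit applies per circuit, so a client that opens a new circuit starts again from zero; the model shows only the relay-side accounting the proposal describes.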