[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Hi!
On Tue, Mar 1, 2011 at 7:09 AM, Chris Palmer <chris@xxxxxxx> wrote:
> For example, the SSL Observatory does a "scan" that is very similar to what happens when a
> user clicks a link and then immediately clicks the Stop button in the browser: SYN, SYN/ACK,
> ACK, Client Hello, Server Hello + Certificate, goodbye. We do this once per IP every few months.
> Out of 4 billion IP addresses, we got one complaint that I know of.
Interesting. We were doing the very same thing (opening only 80 and
443 ports to check for certificates) just few weeks ago over whole IP
space and got a few complaints: from ATT, usu.edu and usi.com.
Maybe the difference was in speed of scanning? We randomized order of
scanning but still some networks detected us as scanning their whole
ranges.
And what is even more interesting is that our ISP was much more eager
for us to reply to those complaints than to complaints for us running
a Tor exit node some time ago. At that time they didn't even require
from us to respond. They just forwarded us e-mails in a FYI manner.
Maybe they changed some policies in meantime.
Mitar
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays