[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
From: Mitar <mmitar@xxxxxxxxx>
Date: Wed, 2 Mar 2011 14:04:01 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 02 Mar 2011 08:04:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=757od15MvMwcqq5WynLv1j1GJ6cAVBcwcK6/HlQRBX0=; b=cC7BZOUyf6IxGO4dIxMhYpSsfjYOiCgDnSFScZ+ePNfwIVLMAo6yghCrTzhJp+hHsY TcYct5GIPfMxBxi3WcpndR3hGC+oaEmh9Kax7MZuq7u8WSKClV04nMTW4595QcIkcklu +u2ZJpEOQFQvyWYV5g6Ok1wuwVuNCG1tZzdzA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=mmKfHEUb1a1YJztqASQ0DixGlKU0XB6DTRwhtNovtpG8JiYELqnei6oUpUvloqJpy/ Seo2WZ2tHGr/CfcZJQwniomaDHPXXYoEA6wztsm4qx+hLqr4wfHPVmdVaWmQu8rqK/8i /pR9q0INiPs9vBl5+St9eBm07snoFt87YrBFg=
In-reply-to: <29EBB0B6-402B-4A46-B362-A48F522A929B@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <4D67D98B.90306@xxxxxxxxxxxx> <4D6939B8.1000204@xxxxxxxxxxxxxx> <20110226175330.72ec4787@xxxxxxxxxxxxxxx> <8C366CC6-B4E8-401A-BA67-038D5913C968@xxxxxxx> <20110227165947.18bfae22@xxxxxxxxxxxxxxx> <29EBB0B6-402B-4A46-B362-A48F522A929B@xxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx

Hi!

On Tue, Mar 1, 2011 at 7:09 AM, Chris Palmer <chris@xxxxxxx> wrote:
> For example, the SSL Observatory does a "scan" that is very similar to what happens when a
> user clicks a link and then immediately clicks the Stop button in the browser: SYN, SYN/ACK,
> ACK, Client Hello, Server Hello + Certificate, goodbye. We do this once per IP every few months.
> Out of 4 billion IP addresses, we got one complaint that I know of.

Interesting. We were doing the very same thing (opening only 80 and
443 ports to check for certificates) just few weeks ago over whole IP
space and got a few complaints: from ATT, usu.edu and usi.com.

Maybe the difference was in speed of scanning? We randomized order of
scanning but still some networks detected us as scanning their whole
ranges.

And what is even more interesting is that our ISP was much more eager
for us to reply to those complaints than to complaints for us running
a Tor exit node some time ago. At that time they didn't even require
from us to respond. They just forwarded us e-mails in a FYI manner.
Maybe they changed some policies in meantime.

Mitar
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Chris Palmer
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Fabio Pietrosanti (naif)

References:
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Chris Palmer

Prev by Author: Re: [tor-relays] Advice for high throughput Tor node
Next by Author: [tor-relays] Bridges on OpenWrt
Previous by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Next by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Index(es):
- Author
- Thread