
Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)



Hi,

On 03.03.2011 07:32, Fabio Pietrosanti (naif) wrote:
> I am trying to create a low-responsibility Tor exit node that would
> allow the node to run without too many issues for the maintainer (few
> claims from operators).

Sounds interesting.

> P2P is out (OpenIPS), traffic to my originating country is out
> (iptables), I am testing removal of web attacks (through snort inline)
> but I am not able to remove outgoing portscans that are now generating at
> least 1-2 claims per week.

You know that your exit will be chosen based on your ExitPolicy, and not
on anything you do with iptables?
I encourage you to play with different exit policies, but ANYTHING you
do after already receiving the packets will hurt the network and should
be badexited.

> - long-lived tor exit node

What properties does a "long-lived tor exit node" have, other than being
up for a long time?

> - low-maintenance tor exit node

Run stable Tor. Use a limited Exit Policy. Hire an admin. Donate to
Torservers.

> - a tor exit node that cannot be used for P2P, Web attacks and Portscan

Tor exit nodes (and the Tor network as a whole) should be seen as an
ISP. I would not want my ISP to filter or block anything, especially
when I have NO CHANCE but to manually build a new circuit and retry.
Like Mike Perry said, it will only make those who run portscans or "web
attacks" over Tor laugh.

How do you plan on filtering "web attacks"?

Let me give you an example: We run the "limited exit policy" on a number
of exits [1]. Most of the complaints we are getting for our exits are
stupid web spam (forum posts etc.) and mail spam sent through webmailers.
How are you going to stop them?

Suggestion:

ExitPolicy reject *:80

> - a tor exit node that generates very few claims (that means more
> resiliency against carrier/hosting disconnecting the server)

See above.

> http://infosecurity.ch
:-(

[1] https://www.torservers.net/services.html#servers
-- 
Moritz Bartl
https://www.torservers.net/
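The point made above, that clients pick an exit from its published ExitPolicy while iptables only acts after the circuit is already built, is easiest to see by walking through the first-match rule evaluation a client performs. The following is an added example, not code from the mail or from the Tor project: it evaluates torrc-style `ExitPolicy` lines (real syntax: `accept|reject ADDRESS:PORT`, `*` wildcards, CIDR prefixes and port ranges) against a destination, with the `reject *:80` suggestion from the mail as the constructed sample policy. It approximates Tor in one respect by design: real Tor appends its own default policy when the configured one is not exhaustive, whereas this evaluator insists on an explicit catch-all rule and raises if none matches.

```python
"""First-match evaluation of a Tor-style ExitPolicy, as a client does when
deciding whether a relay may serve as exit for a given destination.

Added example; not the mail author's or Tor's code. Constructed sample
policy below: the mail's `reject *:80` suggestion in front of the usual
catch-all accept.
"""
import ipaddress

# Constructed sample policy (torrc order; first matching line wins).
EXAMPLE_POLICY = [
    "reject *:80",   # the suggestion from the mail
    "reject *:25",   # typical: no outbound SMTP
    "accept *:*",    # explicit catch-all
]


def parse_rule(rule):
    """Split 'accept|reject ADDR:PORTS' into (action, network, lo, hi).

    network is None for the '*' wildcard, otherwise an ip_network.
    PORTS is '*', a single port, or 'lo-hi'.
    """
    action, target = rule.split(None, 1)
    if action not in ("accept", "reject"):
        raise ValueError(f"bad action in rule: {rule!r}")
    addr, ports = target.rsplit(":", 1)
    # Tor writes IPv6 prefixes in brackets, e.g. [2001:db8::]/32
    addr = addr.replace("[", "").replace("]", "")
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if ports == "*":
        lo, hi = 1, 65535
    elif "-" in ports:
        lo, hi = (int(p) for p in ports.split("-", 1))
    else:
        lo = hi = int(ports)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range in rule: {rule!r}")
    return action, network, lo, hi


def exit_allows(policy, dest_ip, dest_port):
    """Return True if the policy accepts a stream to dest_ip:dest_port.

    Rules are evaluated top to bottom; the first one whose address and
    port both match decides. Assumption of this example: the policy must
    end in a catch-all (real Tor would append its default policy instead).
    """
    ip = ipaddress.ip_address(dest_ip)
    for rule in policy:
        action, network, lo, hi = parse_rule(rule)
        if network is not None and ip not in network:
            continue
        if not (lo <= dest_port <= hi):
            continue
        return action == "accept"
    raise ValueError("policy has no matching rule; add a catch-all such as 'reject *:*'")


def usable_exits(relays, dest_ip, dest_port):
    """Names of relays whose ExitPolicy a client would accept for this destination.

    This is the selection step the mail refers to: a relay publishing
    `reject *:80` is simply never chosen for port 80 traffic, so nothing
    for iptables to drop ever arrives.
    """
    return [name for name, policy in relays.items()
            if exit_allows(policy, dest_ip, dest_port)]


if __name__ == "__main__":
    # Constructed relay set and RFC 5737 documentation addresses.
    relays = {
        "no-web": EXAMPLE_POLICY,
        "open":   ["accept *:*"],
    }
    for port in (80, 443):
        print(f"port {port}: usable exits -> {usable_exits(relays, '192.0.2.10', port)}")
```

Running it shows that for port 80 only the `open` relay remains a candidate, while for port 443 both do, which is the behaviour the mail contrasts with post-hoc iptables filtering.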