[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
From: cmeclax-sazri <cmeclax-sazri@xxxxxxxxxxxxxxxx>
Date: Wed, 9 Mar 2011 09:28:17 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Mar 2011 09:28:35 -0500
In-reply-to: <4D773833.30206@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <201103081004.p28A4DNm014704@xxxxxxxxxxxxx> <20110308183512.15c203c7@xxxxxxxxx> <4D773833.30206@xxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)

On Wednesday 09 March 2011 03:20:03 Fabio Pietrosanti (naif) wrote:
> On 3/9/11 3:35 AM, Robert Ransom wrote:
> We *really* need to find a technical way to be able to detect and block
> outgoing portscan from the TOR exit nodes.

How is the ISP detecting the portscan? Does it log failed connections? Does it 
look for lots of addresses accessed in a small IP address range?

On Wednesday 09 March 2011 04:19:54 Fabio Pietrosanti (naif) wrote:
> And in such extremely finely tuned situation, block or
> strongly-rate-limit the traffic to the destination?

Rate-limiting the circuit (to one packet every 1 to 5 seconds) is something to 
try. We could divide the number of failed connections by (number of 
connection attempts +5), and if that goes above 50%, throttle the circuit.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Scott Bennett
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Robert Ransom
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
  - From: Fabio Pietrosanti (naif)

Prev by Author: [tor-relays] Are friends family?
Next by Author: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Previous by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
Next by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Index(es):
- Author
- Thread