Thus spake Fabio Pietrosanti (naif) (lists@xxxxxxxxxxxxxxx): > On 3/29/11 3:30 PM, cmeclax-sazri wrote: > > Opening a web page with lots of images results in lots of connections to web > > servers. If I hit the stop button before the images are loaded, my browser > > will close those connections without receiving any data. Web pages do not > > normally contain lots of HTTP links to sites that aren't running web servers, > > so a lot of refused connections does not look like anything that can happen > > in normal web browsing. Port scanning results in lots of connections closed > > upon opening and lots of connections refused; the distinctor is the lots of > > connections refused. So then when a website or ad server wants to DoS a tor user, they just introduce a tight open+close XMLHTTPRequest loop in some JS? > Ok, anyone willing to implement a portscan detector using such logic? :-) > > I candidate myself to test it with the risk of getting Bad-Exited ;P At the point where you are implementing stuff there's no reason to risk anything. As I've said before, we can safely signal to clients in real time that they should go elsewhere with their traffic. The Tor Protocol supports this. There is no need to break stuff for unsuspecting users. Srsly: https://lists.torproject.org/pipermail/tor-relays/2011-March/000675.html -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpTjXyi37Z1o.pgp
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays