[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] HoneyPot?



Green Dream:
> Mirimir: aside from the nickname, do you have any reason to believe it was
> out of the ordinary? The exit policy mostly only seems to allow
> non-encrypted services (80 but not 443, 143

A while ago we were actively marking nodes that only allowed
non-encrypted services as BadExit, since there were no satisfactory
explanations given as to why nodes should need this policy.

Back then, the most common explanation people gave was "I need the
ability to block traffic that looks evil." Unfortunately, all mechanisms
available to do this will also end up blocking legitimate content at
some rate. Nobody was using anything more advanced than snort-style
regular expressions that matched things that happened to look like
exploits.

FWIW, I am personally in favor of reinstating such a policy. I doubt the
situation has changed.

-- 
Mike Perry

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays