On Sat, 2009-06-13 at 13:48 -0600, Jon wrote:
> grarpamp wrote:
> > One person's legit is another's bogus. It's always been that way.
> > Other than routing, the use of the internet is partly chaos and
> > it's not changing any time soon. "Packets found on an internet",
> > they exist, therefore they are, deal with it. So let's forget about
> > this port number legitimacy thing.
> >
> > Further, some of us are real world network operators. We routinely
> > sniff and record traffic as part of our jobs. In fact, if we did
> > not, we would be very ineffective in our positions. Sniff if you
> > want, don't if you don't. So we can also throw this argument out
> > the window as to each their own.
> >
> > What we really want to know as network operators is what exactly
> > IS going on in this case. And a simple count of SYNs is not enough
> > for some operators to make a decision regarding their rulesets.
> >
> > Because for all they know, that traffic may indeed be diplomatic
> > communications with the Borg that are keeping our planet from being
> > assimilated. And well, unless you're Borg, or wish to become one,
> > that's pretty legitimate :)
> >
> > Sniff that thing out, bring the full stats, write a whitepaper.
> > Operators will look at it and make their own choices.
> >
> > Storing/grokking a day's worth of tcp/43 sessions to find what percent
> > of them have whois strings should be easy. As should tallying up
> > the top ten whois queries and a distribution curve. That could help
> > determine if it's some clients gone haywire or normal. Though
> > somewhat like a ping someone left running, over Tor you'd just have
> > to wait it out. Classifying and counting the non whois sessions
> > would be harder but definitely interesting.
> >
> > If I was running an exit I would have already done and posted this
> > for you all, but I'm not at the moment, so I can't. I yield the
> > podium to my esteemed and valued peers on this list :)
> >
> I can not agree. Sniffing the traffic at the exit node actually does
> jeopardize the reason people are using this software in the first place.
>
> Jon

My understanding is that the Tor network provides some measure of
*anonymity* regardless of whether the exit node listens to traffic.
Certainly the reason for using Tor is not to magically protect your
traffic from ever being eavesdropped upon -- only end-to-end crypto can
do that. Is this false? I ask out of genuine concern, because if exit
nodes have to be trusted not to snoop on data for Tor to work properly
(providing anonymity), Tor is not what I thought it was.