George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:

> On Thu, 2006-10-26 at 15:05, Fabian Keil wrote:
> > George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:
> > > On Mon, 2006-10-23 at 08:22, Fabian Keil wrote:
> > > > George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:
> > > >
> > > > > . . . many web surfers, even
> > > > > knowledgeable ones, like the "rich" experience and are willing to
> > > > > sacrifice security and privacy for it.
> > > >
> > > > And they constantly get what they deserve. . .
> > >
> > > If a member of your family is sick with a contagious disease, and you
> > > tend to them, do you "deserve" to get the disease? It might be
> > > smarter to stay away and call a doctor, but perhaps you get infected
> > > before you knew a doctor was needed, or while waiting for the
> > > doctor, or can't afford a doctor.
> >
> > I fail to see the similarities between willingly sacrificing
> > security and privacy for '"rich" experience' and caring about
> > one's family.
>
> It may have been a poor analogy (I was thinking of computer viruses
> which suggested disease) but my objection is to the use of the word
> "deserve."

Let's replace it with "shouldn't act surprised if they run into
problems" then.

> What is so often forgotten about malicious web attacks is that nearly
> all web operators have a large investment in their sites and malicious
> software hurts them as much or more as victim client computers. To go to
> a malicious site you need to encounter a site whose security has been
> compromised, be tricked into going to a site, be the victim of poisoned
> DNS, receive an email with a macro based Outlook virus that uses IE
> functionality, or deliberately browse fringe web sites.

Or you can use Tor and give every Tor exit node operator the chance
to render every "trusted site" that doesn't use encryption into
a source of malware.

> > > > Anyone interested whether or not your IP address is currently in
> > > > use only needs to do a port scan.
> > >
> > > Are you sure? By "stealth" I mean . . .
> >
> > If the target IP address is unused, the scanner gets an error
> > message sent from the router located one hop before the target.
> > If the scanner doesn't get this error message, it's safe to
> > assume that the target system is running.
>
> By unused do you mean unassigned or will simply turned off result in
> such a message? I don't have enough computers to test this and know of
> no legal way to do so. I guess I have to take your word, though I've
> never heard this before. Perhaps someone could provide a URL that
> describes this.

http://www.ietf.org/rfc/rfc792.txt

> > > > And if you can't trust your firewall
> > > > enough to work in cases where someone knows that your IP address is
> > > > in use, you should get a firewall that actually works anyway.
> > >
> > > One might conclude, if one assumed these couple smart alec remarks
> > > represented your entire knowledge of firewalls, that you don't seem
> > > to know that once you open a port in a firewall to a server, e.g.,
> > > Tor and port 80, that the firewall cannot protect that server.
> >
> > The packet filter can still protect all other ports and
> > increase the chances that the packets arriving at the Tor
> > running server are valid. The Tor server's host system can make sure
> > that a compromised Tor server doesn't cause too much damage.
> > As an OpenBSD user you will be aware of systrace,
> > other systems have similar tools.
>
> While I'm generally familiar with most of your points, and the one about
> a firewall only allowing valid packets is a good one, in the context of
> this discussion, your final sentence grates. Perhaps this comes from the
> way German translates to English, but it would be much easier to read
> "If you are not familiar with, then you should look up systrace" rather
> than saying "you will be aware of." If I ever knew it I've completely
> forgotten it. Looking at man, it does appear that it would be useful for
> controlling "developmental" software on a very secure OpenBSD system.

It's useful to control software in general.

> Fabian, please make this the last time you suggest that I run a Tor
> server whether locally or hosted. This is the third time you've
> suggested that I run a server and the third time I said I'm not going
> to.

I thought we were discussing the (dis)advantages of running
a Tor server in general. I don't intend to convince you personally
to run a Tor server, especially not if you don't even use the Tor
client regularly.

There are several valid reasons not to run a Tor server at all,
I just don't think that "local security" or "ISP terms of service"
are among them.

Fabian
--
http://www.fabiankeil.de/
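The error message discussed in the thread is the ICMP Destination Unreachable message defined in RFC 792. As an added example (not part of either poster's message), this Python sketch parses such a message the way a capture-analysis script would, showing what it discloses about the original packet. The sample bytes, the choice of code 1 (host unreachable) and the documentation-range addresses are constructed assumptions.

```python
import ipaddress
import struct

# Destination Unreachable (type 3) codes listed in RFC 792
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed and DF set",
         5: "source route failed"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes) -> dict:
    """Parse an ICMP type 3 message and the IPv4 header it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IP header")
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    if icmp_type != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp_type})")
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                      # original IP header + first 64 bits of data
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("malformed quoted IPv4 header")
    return {"code": code, "meaning": CODES.get(code, "other"),
            "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
            "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
            "orig_proto": inner[9]}

def build_sample() -> bytes:
    """Constructed sample: host unreachable for a TCP segment to 198.51.100.7:80."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 63, 6, 0,
                           ipaddress.IPv4Address("203.0.113.5").packed,
                           ipaddress.IPv4Address("198.51.100.7").packed)
    inner_l4 = struct.pack("!HHI", 40000, 80, 1)   # first 8 bytes of the TCP header
    body = struct.pack("!BBHI", 3, 1, 0, 0) + inner_ip + inner_l4
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

The quoted header is what ties the error back to a specific probe: it carries the original source, destination and protocol, so a log of these messages records both who was asking and which address was reported unreachable.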