North American Network Operators Group
Re: Tor and network security/administration
- From: Kevin Day
- Date: Wed Jun 21 18:43:35 2006
On Jun 21, 2006, at 4:08 PM, Todd Vierling wrote:
> On 6/21/06, Kevin Day <email@example.com> wrote:
> > Failing that, having an exit node look at HTTP headers back from the
> > server that contained a "X-No-Anonymous" header to say that the host
> > at that IP shouldn't allow Tor to use it would work.
> What's to stop one or more exit node operators from hacking such a
> check right back out of the code?
Nothing, but it's the same nothing that stops me from just blocking
all Tor exit nodes at the border.
If they showed a little bit of responsibility and allowed other
people to make the decision if they wanted to deal with anonymous
users or not, I'd be more than willing not to ban the whole lot of them.
Areas where there already is no expectation of anonymity don't allow
you to hide your identity in the "real world", so I'm not sure why
there is the notion that it's a right on the internet. Try applying
for a credit card anonymously, or cashing a check in a bank wearing a
ski mask and refusing to show any ID.
I realize fighting open proxies (even ones like this that aren't the
result of being trojaned/backdoored) is a losing battle, but the
sheer ease in ANYONE being able to click "Give me a new identity"
with Tor has really invited the masses to start playing with credit
card fraud at a level I hadn't seen before. I'm willing to bet others
are experiencing the same thing, but just don't realize they are
because they're unfamiliar with Tor and don't know where to look.
On top of all of that, I fully understand that the authors of Tor
would have no desire to add such a feature. Their users are the end
users, and placating pissy network operators gives them no benefit.
All I can say is that if we had a better way of detecting Tor nodes
automatically, and making policy decisions based around that fact,
we'd be less likely to flat out ban them all.
On Jun 21, 2006, at 4:53 PM, Jeremy Chadwick wrote:
> I'm also left wondering something else, based on the "Legalities"
> Tor page. The justification seems to be that because no one's ever
> been sued for using Tor to, say, perform illegitimate transactions
> (Kevin's examples) or hack a server somewhere (via SSH or some other
> open service), that somehow "that speaks for itself".
> I don't know about the rest of the folks on NANOG, but telling a
> court "I run the Tor service by choice, but the packets that come
> out of my box aren't my responsibility", paraphrased, isn't going
> to save you from prison time (at least here in the US). Your box,
> your network port, your responsibility: period.
We had a sheriff in a small town in Alabama quite ready to test that
theory at one point. A Tor exit node was used to purchase several
hundred dollars of services on the credit card of a 75-year-old woman
who had never used a computer in her life. It took a LOT of explaining,
but after he and the county DA understood what Tor was about, they
were completely willing to bring charges against the owner of the IP
of the exit node. The credit card holder, however, asked that they
drop the matter, so it never went anywhere. I would have been very
curious to see how it turned out though.
On Jun 21, 2006, at 5:18 PM, Steve Atkins wrote:
> If the traffic is abusive, why do you care that it comes from Tor? If
> there's a pattern of abusive traffic from a few hundred IP addresses, block
> those addresses. If you're particularly prone to idiots from Tor (IRC,
> say) then preemptively blocking them might be nice, but I doubt the
> number of new Tor nodes increases at a fast enough rate for it to be
Normally if we get a lot of fraud from one user, we force all
transactions inside that /24 (or whatever the BGP announcement size
is) to be manually approved.
This is different because one cranky/pissed off/thieving user has
control of hundreds of IPs scattered across the world. You can play
whack-a-mole with them for hours, and they can keep coming back on a
new IP. Each one can be a fraudulent credit card order, costing us
hundreds of dollars each.
We have preemptively blocked all the Tor exit nodes we can find, but
they do change at a rate fast enough that a static list isn't
sufficient. Many run off cable modems out of a DHCP pool that get a
new address periodically.
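As an added example (not code from this thread or from the Tor Project), here is one way to turn the two mitigations Kevin describes into a single order-screening step: every order from a /24 (or announced prefix) that has already produced fraud is held for manual approval, every order from a listed Tor exit address is held as well, and the exit list carries a fetch time so that a list older than a chosen maximum is treated as unreliable instead of silently trusted, which is the failure mode of a static block list. The exit-list line format, the `OrderScreen` class and its methods are this example's own assumptions, and every address, fingerprint and timestamp in the sample is constructed.

```python
"""Order screening that combines a per-prefix manual-approval rule with a
refreshable Tor exit list. Added example, not code from the NANOG thread or
from the Tor Project. The list format is an assumption; all addresses,
fingerprints and timestamps below are constructed sample data."""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample resembling a bulk exit list. Assumption: only the
# "ExitAddress <ip> <date> <time>" lines matter for screening.
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2006-06-21 12:00:00
LastStatus 2006-06-21 13:00:00
ExitAddress 203.0.113.10 2006-06-21 13:00:00
ExitNode 0000000000000000000000000000000000000002
Published 2006-06-21 12:00:00
LastStatus 2006-06-21 13:00:00
ExitAddress 198.51.100.7 2006-06-21 13:00:00
ExitAddress 198.51.100.8 2006-06-21 13:05:00
ExitAddress not-an-address 2006-06-21 13:05:00
"""


def parse_exit_addresses(text):
    """Return the set of IP addresses named on ExitAddress lines.

    Malformed lines are skipped so that one bad entry cannot empty the list.
    """
    exits = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ExitAddress":
            try:
                exits.add(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue
    return exits


class OrderScreen:
    """Decide whether an order from a client address is auto-approved or held
    for manual approval (hypothetical class for this example)."""

    def __init__(self, exit_list_text, fetched_at, max_age=timedelta(hours=1)):
        self.exit_nodes = parse_exit_addresses(exit_list_text)
        self.fetched_at = fetched_at    # when the exit list was last downloaded
        self.max_age = max_age          # how long the list is trusted
        self.review_prefixes = []       # prefixes forced to manual approval

    def refresh(self, exit_list_text, fetched_at):
        """Replace the exit list; meant to run on a timer, not once at startup."""
        self.exit_nodes = parse_exit_addresses(exit_list_text)
        self.fetched_at = fetched_at

    def list_is_stale(self, now):
        return now - self.fetched_at > self.max_age

    def add_review_prefix(self, ip, prefixlen=24):
        """After fraud from one address, hold its whole /24 (or the announced
        prefix, if the caller passes that length) for manual approval."""
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        self.review_prefixes.append(net)
        return net

    def decide(self, client_ip, now):
        """Return ("allow", "") or ("review", reason)."""
        ip = ipaddress.ip_address(client_ip)
        if ip in self.exit_nodes:
            return "review", "known Tor exit address"
        for net in self.review_prefixes:
            if ip in net:
                return "review", f"inside prefix {net} under manual approval"
        if self.list_is_stale(now):
            # A stale list says nothing about exits that appeared since the
            # last fetch, so "not listed" is not evidence of a clean address.
            return "review", "exit list older than max_age; refresh it first"
        return "allow", ""


def demo_decisions():
    """Screen a few constructed client addresses; returns {label: decision}."""
    fetched = datetime(2006, 6, 21, 13, 0)
    screen = OrderScreen(SAMPLE_EXIT_LIST, fetched)
    screen.add_review_prefix("192.0.2.55")      # one fraudulent order came from here
    soon = fetched + timedelta(minutes=30)
    later = fetched + timedelta(hours=3)        # list is stale by then
    results = {
        "tor exit": screen.decide("203.0.113.10", soon),
        "same /24 as fraud": screen.decide("192.0.2.200", soon),
        "clean, fresh list": screen.decide("198.51.100.9", soon),
        "clean, stale list": screen.decide("198.51.100.9", later),
    }
    # Refresh with a list in which 198.51.100.9 has since become an exit.
    newer = SAMPLE_EXIT_LIST + "ExitAddress 198.51.100.9 2006-06-21 16:00:00\n"
    screen.refresh(newer, later)
    results["newly listed exit"] = screen.decide("198.51.100.9", later)
    return results


if __name__ == "__main__":
    for label, decision in demo_decisions().items():
        print(f"{label:20s} -> {decision}")
```

The stale-list branch is the design choice worth noting: rather than allowing an unlisted address once the list is old, it routes the order to the same manual queue, so a fetch job that breaks degrades to "more human review" instead of "Tor exits silently approved".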