Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tor and network security/administration

  • From: Matthew Sullivan
  • Date: Thu Jun 22 03:38:39 2006

Lionel Elie Mamane wrote:

On Thu, Jun 22, 2006 at 11:58:34AM +1000, Matthew Sullivan wrote:

Jeremy Chadwick wrote:

On Wed, Jun 21, 2006 at 05:02:47PM -0400, Todd Vierling wrote:


If the point of the technology is to add a degree of anonymity,
you can be pretty sure that a marker expressly designed to state
the message "Hi, I'm anonymous!" will never be a standard feature
of said technology. That's a pretty obvious non-starter.


Which begs the original question of this thread which I started:
with that said, how exactly does one filter this technology?


Of course SORBS' position is actually this - if you are allowing
Trojan traffic over the Tor network you will get listed (regardless
of whether the Trojans can talk to port 25 or not)....

How an open proxy that will not connect to port 25 is relevant for an
*email* blacklist is beyond me.

Perhaps because SORBS is not just an email blacklist? Perhaps because it is also used for webmail and other things...

...and for what it's worth, I have no problems with anonymous
networks for idealistic reasons, however they are always abused,
they will continue to be abused, Tor is being abused, and I should
be able to allow or deny traffic into my networks as I see fit....


All of my discussions with Tor people have indicated [they] do not
think I should have the right to deny traffic based on IP address,
and that I should find other methods of authenticating traffic into
my networks.

Isn't it rather that they think that filtering on the base of IP
address is broken in today's Internet, even if tor didn't exist? Open
proxies, trojans, multi-user computers, dynamic IPs, ... all this
makes that substituting IP address for people is very, very,
imprecise.

....and that is your opinion, which you are entitled to, others feel filtering by IP address is still valid and needed which is why they do it... Surely they are entitled to their opinions....?

Regards,

Mat




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.