[tor-relays] HoneyPot?
Mike Perry
mikeperry at torproject.org
Thu Oct 29 21:05:42 UTC 2015
Green Dream:
> Mirimir: aside from the nickname, do you have any reason to believe it was
> out of the ordinary? The exit policy mostly only seems to allow
> non-encrypted services (80 but not 443, 143
A while ago we were actively marking nodes that only allowed
non-encrypted services as BadExit, since there were no satisfactory
explanations given as to why nodes should need this policy.
Back then, the most common explanation people gave was "I need the
ability to block traffic that looks evil." Unfortunately, all mechanisms
available to do this will also end up blocking legitimate content at
some rate. Nobody was using anything more advanced than snort-style
regular expressions that matched things that happened to look like
exploits.
FWIW, I am personally in favor of reinstating such a policy. I doubt the
situation has changed.
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151029/e8d2aba4/attachment.sig>
More information about the tor-relays
mailing list