Andreas Krey a.krey@gmx.de wrote:
> On Sun, 17 Sep 2017 08:13:43 +0000, Scott Bennett wrote:
> ...
> > connections to other relays somewhere, those of us using packet filters could include the rest of the missing addresses in aid of the connectivity you want.
>
> I really don't see what the point is in this filtering. Any attacker can just fire up its own relay and attack from there once its address is in the consensus.
Attackers/probers, at least of my system, do not appear to be aware of tor, or of most other applications, for that matter. They assault mainly any open ports they find. The IP addresses from which such attacks connect are either direct attackers or are systems whose security is inadequately attended to and have been commandeered by attackers. The purpose of the filter rules is to deny the attackers access to *anything* on my system to the degree to which they can be identified.

The source IP addresses belonging to tor relays are a special case because attacks might exit through them or might be running on those systems, but tor connectivity must be maintained. So the rules are a compromise. They allow inbound connections only to the ORPort and the DirPort from all addresses known to belong to tor relays in order to maintain that connectivity. Any such attacks on the ORPort or DirPort from those addresses are a) likely to be rare, if only because the time delays in going through tor to attack tor (or anything else) slow the attacker's automation to a degree usually not accepted by the attacker's software and b) also rare because the tor relay operator community tends to be significantly more security-conscious than the vastly broader community of Internet users at large and is therefore far less likely to allow stuff on their systems running relays to engage in such attacks in the first place. Addresses in the list of offending addresses that are not also in the list of tor relay addresses are blocked from attacking tor or any other services on my system.

The problem here stems from allowing secret addresses to belong to tor relays inasmuch as connections from those secret addresses cannot be protected in the fashion described above.

FWIW, I had composed two or three nights ago a fairly detailed response to teor's arguments against what I had previously posted, when my Comcast connection went down several times in rapid succession, destroying my SSH session. Unfortunately, virecover on SDF's servers does not actually produce usable recovery files, so the message, which was almost ready to be sent, was lost. I managed to copy many blocks of text from several pages of the screen buffer into a file on my system, but their order is scrambled. As soon as I can spare the time to reconstruct my arguments and proposed solutions, I will do so, but at the moment I have urgent personal matters to attend to for a few days.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
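An added example (not code from the thread) that models the compromise Scott describes: known relay addresses get inbound access only to the ORPort and DirPort, and offending addresses that are not relays are blocked from everything. The pf-style rule syntax, the port numbers 9001/9030 and the sample address lists are assumptions constructed for illustration.

```python
"""Generate pf-style filter rules from a relay list and an offender list.

Assumptions (not from the thread): the local relay listens on ORPort 9001
and DirPort 9030, and rules use pf 'quick' semantics (first match wins).
"""
from ipaddress import ip_address

OR_PORT = 9001   # assumed ORPort of the local relay
DIR_PORT = 9030  # assumed DirPort of the local relay


def normalize(addrs):
    """Parse, canonicalize and deduplicate addresses; bad input raises."""
    return {str(ip_address(a.strip())) for a in addrs if a.strip()}


def sort_key(addr):
    """Stable ordering that never compares IPv4 with IPv6 objects."""
    ip = ip_address(addr)
    return (ip.version, ip)


def blocked_offenders(relay_addrs, offender_addrs):
    """Offenders that are not relays: these lose access to everything."""
    return normalize(offender_addrs) - normalize(relay_addrs)


def build_rules(relay_addrs, offender_addrs):
    """Return rule lines: relays may reach tor ports only; other offenders
    are dropped outright. Relay rules come first so an offending relay
    keeps tor connectivity but nothing else."""
    rules = []
    for a in sorted(normalize(relay_addrs), key=sort_key):
        rules.append(f"pass in quick proto tcp from {a} to any "
                     f"port {{ {OR_PORT}, {DIR_PORT} }}")
        rules.append(f"block in quick from {a} to any")
    for a in sorted(blocked_offenders(relay_addrs, offender_addrs), key=sort_key):
        rules.append(f"block in quick from {a} to any")
    return rules


# Constructed sample data (documentation ranges, not real relays).
RELAYS = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
OFFENDERS = ["198.51.100.7", "203.0.113.99", " 192.0.2.10 "]

if __name__ == "__main__":
    print("\n".join(build_rules(RELAYS, OFFENDERS)))
```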