-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Markus,
Your arguments are fair and correct and mostly I tend to agree.
But, the port scans, malware distribution and spamming existed before Tor, exist in parallel with Tor and will continue to exist even if Tor will disappear.
I admin a lot of servers opened to the public internet and I have noticed, for q quick example, that if you don't change the default SSH port (22) and implement ssh-key based authentication, the server will be flooded with failed login attempts (password brute forcing). The SSH logs also save the remote IP address - you will be amazed that almost all of those IP addresses do not belong to Tor exit relays. The percent of Tor-IP addresses in these logs is very small and insignificant, compared to other non-Tor IP addresses.
A basic web server running Apache2, its access log will have tens of thousands of requests for /phpmyadmin or /wp-admin or other paths, from scripts which try to brute force phpmyadmin or other CMS web apps (such as wordpress, joomla). Again, the logs also include the remote IP address - we see here IP addresses of Tor exit relays in a very small percent compared to other non-Tor IP addresses.
When port scanning or brute forcing, doing it through Tor has many disadvantages, such as being very slow (can't handle too many concurrent requests), exit relays IP addresses being blacklisted and so on.
It's much more practical to just use a compromised computer with good bandwidth which can handle many requests per second and has a not-blacklisted IP address. There are hundreds of thousands of such computers on the internet. Secondly, there are infected computers which can be used as proxies, all these represent a better solution than Tor for port scanning and brute forcing.
I totally agree on some good and sane anti-abuse measures, but without undermining the freedom and anonymity of the users.
Port scanning is just 'the noise of the internet' - in almost all cases it's irrelevant if someone performs a port scan on a server, as long as the server is properly secured. If your SSH port is 22, password authentication enabled, and your root password is 12345 ..... ta-ta.
On 3/9/2015 4:40 PM, Markus Hitter wrote:
Am 09.03.2015 um 15:13 schrieb s7r:
This is a speculation and it's not backed up by anything real. Can you define "crack down on Tor"? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available.
One flaw which IMHO has to be solved sooner or later is the openess to abuse. Like port scans, like malware distribution, like spamming, you name it. Right now this task is left to the regular website operators and they don't like it, often resulting in general blocking of Tor exits.
To what I understand, Tor's goal is to make flow of information free and to allow this freedom, anonymous. This doesn't include abuse, so implementing at least basic anti-abuse measures would make this network much more general website friendly and accordingly get it closer to its goals.
Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays