On Tue, 01 Mar 2011 13:34:23 -0800 Jacob Appelbaum jacob@appelbaum.net allegedly wrote:
<snipped>
I am attracted to cmeclax's idea of some form of torrc config option which could limit the potential for deliberate (or accidental but "reckless") scanning. Is there any mileage in pursuing something like that further? And if not, are there any other (current) recommended configurations which could mitigate possible problems?
I don't think such a configuration option makes any sense at all. We have many streams on a given circuit for load balancing. A clever scanner would simply use one circuit per connect attempt and it would generate a lot of load on the network.
I'd suggest that if you're concerned about someone making connections from your computer, it's probably a bad idea to run an Exit node...
OK, so that idea may not be a runner - but surely the whole purpose of the exit policy system is to allow us to run exit nodes which /do/ limit activity to that which we deem acceptable (or legal).
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------