On 03/09/2011 01:01 PM, Fabio Pietrosanti (naif) wrote:
But does i understood that the SSL Observatory scan are done trough TOR nodes?
No. The Observatory scans were done from EFF machines in our data center. Our slides and source code and data are available for free. Please check them out.
We propose, in the next phase of Observatory research, to distribute the scanning by providing an open source Firefox plugin that would do some scan work. If it saw anything interesting, it would report its results (with user consent, of course) to our collection server through Tor. The purpose of distributed scanning is to get a wider view of the TLS universe, and the purpose of reporting the results through Tor is to allow users to have anonymity even while helping populate the Observatory.
Actually scanning through Tor might be nifty, might be useful. But it's not currently in our plan anyway.
Mostly my purpose in this thread has been to assert that gentle, non-abusive TCP connections for the purpose of research are gentle, non-abusive, and good for research. Tor is the best overlay network in the world, and that's a handy thing for lots of nice reasons besides the nice reason of anonymity.
In such case it would be interesting to know which is the algorithm used to distributed the scan across the internet.
Our code is open source, and any new code also will be.
Depending on how the randomization and distribution across different IPs/netblocks is efficient it may or may not trigger Port Scan Detection systems.
Right. In any case our goal is to be gentle, not to hide.