On Sat, 26 Feb 2011 12:13:53 -0800 Chris Palmer chris@eff.org allegedly wrote:
On Feb 26, 2011, at 9:53 AM, mick wrote:
No reputable security researcher would a) scan a network without that network owner's explicit permission, nor b) use tor for that scan.
Lots of reputable security researchers who scan the entire internet without getting permission. You can't get permission from every operator in the world, but you still need to do good and interesting research. Examples of reputable researchers who have scanned the whole internet include Dan Bernstein, Dan Kaminsky, and EFF. (At least I think we're reputable. :) ) I don't know for sure, but I can't imagine Arbor, CAIDA, and Renesys can do their jobs without scanning the internet.
Using Tor to scan the internet is a good way to see how the internet looks from different perspectives at once, which can be quite valuable.
Hmmm. Maybe I should have said "should" rather than "would". And you seem to have missed the point about network scanning being illegal in some jurisdictions. Section 3 of the UK Computer Misuse Act of 1990, as amended by the Police and Justice Act of 2006 makes such "reckless" activity an offence.
I cannot believe I am entirely alone in taking network scanning as potentially hostile activity, or at least as potentially the precursor to hostile activity. UK pen testers and researchers are usually pretty careful to ensure that they have written authority from owners of networks they wish to test before undertaking any remote scanning. Further, they will undertake that scanning from known, identifiable networks of their own. Hiding behind tor (or any other anonymising service) is not a good idea. At the least it could result in tor being seen as the source of hostile activity when we all recognise that is unhelpful.
And regardless of the legality of the action, the AUPs of the service providers that most of us use for our tor nodes will specifically preclude network scanning (along with mail spamming etc). This means that providers could (as has been the case for Bianco Veigel) get irritated enough to shut down the service.
I run (currently) three exit nodes which I provide on VPSs and pay for out of my own pocket because I believe that tor offers a valuable service. I can (and have) defend what appears to be hostile action emerging from my node as the action of "bad guys" beyond my control. In a particular recent case I was lucky to have an understanding MSP willing to listen to my explanation rather than just pulling the plug.
If my exit node was cited as the source of potentially hostile network scanning and my MSP /did/ pull the plug, I'd be disappointed, and tor would be shy of at least one exit node. But if I believed that the activity was the result of some "reputable" researcher simply using tor for his or her own ends /without/ warning tor relay owners, I'd be pretty pissed off.
I'd welcome the views of other node providers here.
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------