On 3/9/11 5:17 PM, mick wrote:
I'm with Scott. Whilst I don't necessarily agree that a portscan is an attempt to gain unauthorised access, I don't like them for the following reasons:
they are /indicative/ of reconnaisance activity which may be a precursor to later attack.
they tend to irritate ISPs (and corporations which log such activity). If the scan comes from a system for which I am responsible, they will likely vent that irritation at me.
scans /can/ and /do/ cause DOS on some devices. A cursory search of bugtraq archives should unearth plenty of examples. Some examples I am aware of (though admittedly unlikely to reachable from a Tor exit node) are the HP procurve switch, some Jetdirect printers, some Netgear DSL routers etc. As I have pointed out before, this is illegal in the UK (our legislation being "laughably absurd" doesn't stop it being the law.)
I fully underline what's told by Mike, it's a dangerous topic, but being able to implement some kind of filering at exit node is required.
Probably implementing something as an external tool is better to avoid introducing "filtering logic" directly into TOR project.
Do we want to try to setup a working group on this?
-naif http://infosecurity.ch