Anyone know what HoneyPot was/is?
https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60C...
Probably someone being cute in their naming scheme.
Nchinda^2, -0.1743*kg^6 m^4 mol s^-14, @firescar96
On Thu, Oct 29, 2015 at 4:22 PM, Mirimir mirimir@riseup.net wrote:
Anyone know what HoneyPot was/is?
https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60C...
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143
On Thu, Oct 29, 2015 at 1:22 PM, Mirimir mirimir@riseup.net wrote:
Anyone know what HoneyPot was/is?
https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60C...
(Oops, sorry, an errant keyboard shortcut sent the email too early.)
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 but not 993), but that alone isn't enough to give it the BadExit flag:
https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays#Whatisa...
On 10/29/2015 02:42 PM, Green Dream wrote:
(Oops, sorry, an errant keyboard shortcut sent the email too early.)
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 but not 993), but that alone isn't enough to give it the BadExit flag:
https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays#Whatisa...
I had no reason to wonder about it, except for the name. But the fact that it only seems to allow non-encrypted services is suspicious.
I'm guessing that it is or was part of some research project that involves traffic interception.
Green Dream:
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143
A while ago we were actively marking nodes that only allowed non-encrypted services as BadExit, since there were no satisfactory explanations given as to why nodes should need this policy.
Back then, the most common explanation people gave was "I need the ability to block traffic that looks evil." Unfortunately, all mechanisms available to do this will also end up blocking legitimate content at some rate. Nobody was using anything more advanced than snort-style regular expressions that matched things that happened to look like exploits.
FWIW, I am personally in favor of reinstating such a policy. I doubt the situation has changed.
On 10/29/2015 03:05 PM, Mike Perry wrote:
Green Dream:
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143
A while ago we were actively marking nodes that only allowed non-encrypted services as BadExit, since there were no satisfactory explanations given as to why nodes should need this policy.
Back then, the most common explanation people gave was "I need the ability to block traffic that looks evil." Unfortunately, all mechanisms available to do this will also end up blocking legitimate content at some rate. Nobody was using anything more advanced than snort-style regular expressions that matched things that happened to look like exploits.
FWIW, I am personally in favor of reinstating such a policy. I doubt the situation has changed.
I concur. Peeking at exit traffic violates Tor integrity, no?
Given the current state of the internet (i.e., massive warrantless spying by LEOs and packet inspection by ISPs) I cannot imagine how any Tor operator would block encrypted services and not be what most reasonable people consider a "Bad exit".
On 2015-10-29 14:05, Mike Perry wrote:
Green Dream:
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143
A while ago we were actively marking nodes that only allowed non-encrypted services as BadExit, since there were no satisfactory explanations given as to why nodes should need this policy.
Back then, the most common explanation people gave was "I need the ability to block traffic that looks evil." Unfortunately, all mechanisms available to do this will also end up blocking legitimate content at some rate. Nobody was using anything more advanced than snort-style regular expressions that matched things that happened to look like exploits.
FWIW, I am personally in favor of reinstating such a policy. I doubt the situation has changed.
I cannot imagine how any Tor operator would block encrypted services and not be what most reasonable people consider a "Bad exit".
It turns out this "HoneyPot" node is NOT blocking encrypted services. They allow ports 443, 993, and other encrypted services. Unfortunately that line of the exit policy isn't displayed on Atlas. You can see the full policy on Globe:
https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA...
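The plaintext-only heuristic discussed in this thread, and the way a partial view of the policy can trigger it falsely, as an added example that is not part of the original messages. The accept/reject summary format, the function names and the sample policies are assumptions constructed for illustration; they are not the real relay's policy.

```python
# Added example: flag exit policies that accept a plaintext port while
# rejecting its TLS counterpart (the pattern discussed in the thread).
# Assumption: input is an accept/reject port summary of the kind relay
# search tools display, e.g. {"accept": ["80", "143", "6660-6667"]}.

# Plaintext port -> encrypted counterpart. 80/443 and 143/993 come from the
# thread; the remaining pairs are well-known additions (POP3, NNTP, LDAP).
PAIRS = {80: 443, 143: 993, 110: 995, 119: 563, 389: 636}


def expand(entries):
    """Turn ["80", "6660-6667"] into a list of inclusive (lo, hi) ranges."""
    ranges = []
    for entry in entries:
        lo, _, hi = entry.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def allows(summary, port):
    """True if the summary lets traffic to `port` exit."""
    if "accept" in summary:
        return any(lo <= port <= hi for lo, hi in expand(summary["accept"]))
    if "reject" in summary:
        return not any(lo <= port <= hi for lo, hi in expand(summary["reject"]))
    return False  # no summary published: treat as a non-exit


def plaintext_only_pairs(summary):
    """Return (plain, tls) pairs where plain is allowed but tls is not."""
    return [(p, t) for p, t in sorted(PAIRS.items())
            if allows(summary, p) and not allows(summary, t)]


# Constructed samples, not the real relay's policy.
TRUNCATED = {"accept": ["80", "143"]}            # only the first rows seen
FULL = {"accept": ["80", "143", "443", "993"]}   # every row of the summary

if __name__ == "__main__":
    for name, summary in (("truncated", TRUNCATED), ("full", FULL)):
        print(name, plaintext_only_pairs(summary))
```

An empty result means no plaintext port is favoured over its encrypted counterpart; the check is only meaningful when run over the complete summary.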
On 10/29/2015 05:20 PM, Green Dream wrote:
I cannot imagine how any Tor operator would block encrypted services and not be what most reasonable people consider a "Bad exit".
It turns out this "HoneyPot" node is NOT blocking encrypted services. They allow ports 443, 993, and other encrypted services. Unfortunately that line of the exit policy isn't displayed on Atlas. You can see the full policy on Globe:
https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA...
Why does Atlas drop stuff?
On Thu, Oct 29, 2015 at 05:25:31PM -0600, Mirimir wrote:
On 10/29/2015 05:20 PM, Green Dream wrote:
Unfortunately that line of the exit policy isn't displayed on Atlas. You can see the full policy on Globe:
https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA...
Why does Atlas drop stuff?
Hm? I can see the exit policy just fine on Atlas. You need to scroll down in the "IPv4 Exit Policy Summary" table.
https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60C...
--Roger
On 10/29/2015 09:18 PM, Roger Dingledine wrote:
On Thu, Oct 29, 2015 at 05:25:31PM -0600, Mirimir wrote:
On 10/29/2015 05:20 PM, Green Dream wrote:
Unfortunately that line of the exit policy isn't displayed on Atlas. You can see the full policy on Globe:
https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA...
Why does Atlas drop stuff?
Hm? I can see the exit policy just fine on Atlas. You need to scroll down in the "IPv4 Exit Policy Summary" table.
https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60C...
--Roger
Doh. Thanks :)