[tor-relays] Network Scan through Tor Exit Node (Port 80)

mick mbm at rlogin.net
Sun Feb 27 16:59:47 UTC 2011 

On Sat, 26 Feb 2011 12:13:53 -0800
Chris Palmer <chris at eff.org> allegedly wrote:

> On Feb 26, 2011, at 9:53 AM, mick wrote:
> 
> > No reputable security researcher would a) scan a network without
> > that network owner's explicit permission, nor b) use tor for that
> > scan.
> 
> Lots of reputable security researchers who scan the entire internet
> without getting permission. You can't get permission from every
> operator in the world, but you still need to do good and interesting
> research. Examples of reputable researchers who have scanned the
> whole internet include Dan Bernstein, Dan Kaminsky, and EFF. (At
> least I think we're reputable. :) ) I don't know for sure, but I
> can't imagine Arbor, CAIDA, and Renesys can do their jobs without
> scanning the internet.
> 
> Using Tor to scan the internet is a good way to see how the internet
> looks from different perspectives at once, which can be quite
> valuable.
> 
> 
Hmmm. Maybe I should have said "should" rather than "would". And you
seem to have missed the point about network scanning being illegal
in some jurisdictions. Section 3 of the UK Computer Misuse Act of 1990,
as amended by the Police and Justice Act of 2006 makes such
"reckless" activity an offence. 

I cannot believe I am entirely alone in taking network scanning as
potentially hostile activity, or at least as potentially the
precursor to hostile activity. UK pen testers and researchers are
usually pretty careful to ensure that they have written authority
from owners of networks they wish to test before undertaking any
remote scanning. Further, they will undertake that scanning from
known, identifiable networks of their own. Hiding behind tor (or any
other anonymising service) is not a good idea. At the least it could
result in tor being seen as the source of hostile activity when we
all recognise that is unhelpful.

And regardless of the legality of the action, the AUPs of the service
providers that most of us use for our tor nodes will specifically
preclude network scanning (along with mail spamming etc). This means
that providers could (as has been the case for Bianco Veigel) get
irritated enough to shut down the service.

I run (currently) three exit nodes which I provide on VPSs and pay
for out of my own pocket because I believe that tor offers a valuable
service. I can (and have) defend what appears to be hostile
action emerging from my node as the action of "bad guys" beyond
my control. In a particular recent case I was lucky to have an
understanding MSP willing to listen to my explanation rather than
just pulling the plug. 

If my exit node was cited as the source of potentially
hostile network scanning and my MSP /did/ pull the plug, I'd be
disappointed, and tor would be shy of at least one exit
node. But if I believed that the activity was the result of
some "reputable" researcher simply using tor for his or her
own ends /without/ warning tor relay owners, I'd be pretty
pissed off.  

I'd welcome the views of other node providers here. 

Mick          

 

---------------------------------------------------------------------

The text file for RFC 854 contains exactly 854 lines. 
Do you think there is any cosmic significance in this?

Douglas E Comer - Internetworking with TCP/IP Volume 1

http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20110227/6173d0f8/attachment.pgp>

More information about the tor-relays mailing list