[tor-relays] Network Scan through Tor Exit Node (Port 80)
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Wed Mar 9 17:21:48 UTC 2011
On 3/9/11 5:17 PM, mick wrote:
> I'm with Scott. Whilst I don't necessarily agree that a portscan is an
> attempt to gain unauthorised access, I don't like them for the
> following reasons:
>
> - they are /indicative/ of reconnaisance activity which may be a
> precursor to later attack.
>
> - they tend to irritate ISPs (and corporations which log such
> activity). If the scan comes from a system for which I am
> responsible, they will likely vent that irritation at me.
>
> - scans /can/ and /do/ cause DOS on some devices. A cursory search
> of bugtraq archives should unearth plenty of examples. Some examples I
> am aware of (though admittedly unlikely to reachable from a Tor exit
> node) are the HP procurve switch, some Jetdirect printers, some
> Netgear DSL routers etc. As I have pointed out before, this is
> illegal in the UK (our legislation being "laughably absurd" doesn't
> stop it being the law.)
I fully underline what's told by Mike, it's a dangerous topic, but being
able to implement some kind of filering at exit node is required.
Probably implementing something as an external tool is better to avoid
introducing "filtering logic" directly into TOR project.
Do we want to try to setup a working group on this?
-naif
http://infosecurity.ch
More information about the tor-relays
mailing list