[tor-relays] Network Scan through Tor Exit Node (Port 80)
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Wed Mar 9 21:01:07 UTC 2011
On 3/9/11 9:45 PM, Chris Palmer wrote:
> On 03/09/2011 08:17 AM, mick wrote:
>
>> And as Scott said, I don't see why EFF should place the operators
>> of Tor nodes at risk by using Tor as a scanning tool.
>
> Again, do you understand what it is we are doing?
>
> We are not doing a scan with Nmap set to "aggressive" or "stealthy" on
> all ports.
>
> We are saying hello on port 443, and then saying goodbye. Once. Using
> normal TCP and TLS handshaking, no tricks. For the good of the internet.
But does i understood that the SSL Observatory scan are done trough TOR
nodes?
In such case it would be interesting to know which is the algorithm used
to distributed the scan across the internet.
Depending on how the randomization and distribution across different
IPs/netblocks is efficient it may or may not trigger Port Scan Detection
systems.
If the SSL scan is very well distributed not only at IP layer (which
destination IP address) but also at TOR-Circuit level (for example
sending a maximum of X packets on each TOR-Circuit) it would for sure
not trigger any portscan detector.
But maybe there's a bug and the scan and so enough randomized so that
they appear like a portscan in some sensible portscan system when
getting out to a TOR-exit node? (i don't know)
-naif
http://infosecurity.ch
More information about the tor-relays
mailing list