[tor-relays] Network Scan through Tor Exit Node (Port 80)

[Chris Palmer]

On 03/09/2011 01:01 PM, Fabio Pietrosanti (naif) wrote:

> But does i understood that the SSL Observatory scan are done trough TOR
> nodes?

No. The Observatory scans were done from EFF machines in our data
center. Our slides and source code and data are available for free.
Please check them out.

We propose, in the next phase of Observatory research, to distribute the
scanning by providing an open source Firefox plugin that would do some
scan work. If it saw anything interesting, it would report its results
(with user consent, of course) to our collection server through Tor. The
purpose of distributed scanning is to get a wider view of the TLS
universe, and the purpose of reporting the results through Tor is to
allow users to have anonymity even while helping populate the Observatory.

Actually scanning through Tor might be nifty, might be useful. But it's
not currently in our plan anyway.

Mostly my purpose in this thread has been to assert that gentle,
non-abusive TCP connections for the purpose of research are gentle,
non-abusive, and good for research. Tor is the best overlay network in
the world, and that's a handy thing for lots of nice reasons besides the
nice reason of anonymity.

> In such case it would be interesting to know which is the algorithm used
> to distributed the scan across the internet.

Our code is open source, and any new code also will be.

> Depending on how the randomization and distribution across different
> IPs/netblocks is efficient it may or may not trigger Port Scan Detection
> systems.

Right. In any case our goal is to be gentle, not to hide.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code