[tor-relays] Network Scan through Tor Exit Node (Port 80)

Scott Bennett bennett at cs.niu.edu
Thu May 5 08:59:04 UTC 2011


     On Fri, 15 Apr 2011 04:12:53 -0700 Mike Perry <mikeperry at fscked.org>
wrote:
>Thus spake Scott Bennett (bennett at cs.niu.edu):
>
>> On Sat, 02 Apr 2011 Jacob Appelbaum <jacob at appelbaum.net> > wrote:
>> >> On Thu, 10 Mar 2011 10:27:50 -0800 Chris Palmer <chris at eff.org> wrote:
>> >>>
>> >>> The Observatory work was not done through Tor.
>> >>=20
>> >>      Good.
>> >
>> >I think we need a scan of the SSLiverse through Tor.
>>
>>      Use !=3D abuse.
>>      If I run sendmail with it configured to accept mail from outside, th=
>at
>> does not mean I agree to receive massmail, malware, or other bad stuff via
>> TCP port 25.  Because various idiots with access to the Internet insist u=
>pon
>> attempting to abuse my ability to receive mail does not militate against =
>my
>> defending my system from such malicious activity in any way I see fit.
>
>You are right. It does not. You are entitled and in fact expected to
>defend your system from scans and abuse.
>
>Censor yourself, not others.

     Laying aside for the moment the definitional problem with your demand
that I am neither a state nor an employee of one, I think you have gotten
me mixed up with someone else.  I have never advocated censorship.  You
perhaps have forgotten the many instances in which I have requested a BadExit
flag be assigned to exit nodes that altered the data returned to tor streams
from the destinations or that reliably "failed" to connect to certain
destinations when other exit nodes did connect to them.
     I have, OTOH, stated approximately my policy regarding inappropriate
attempts to probe or otherwise access my computer.  If you see some connection
between my denial of access to my ORPort and DirPort to systems I deem to be
miscreants based upon their own past behavior and the administration of an
exit node, then please enlighten me because my understanding hitherto of the
design of tor was to render untraceable any relationship between the two,
which would seem to me to require that entry node access restrictions have no
relationship to exit restrictions.
>=20
>>      Further, an activity that can be used by one party to cause terminat=
>ion
>> of another, innocent party's Internet connection is an intolerable assault
>> upon the latter party's paid access to the Internet for all purposes, not
>> just to offer additional capacity to the tor network, and upon a private
>> agreement between the latter party and his/her ISP.  Defense against such
>> offenses is completely appropriate and in order.
>
>It is not an arbitrary party whose Internet connection risks
>termination.  It is a party that signed up to protect Internet freedom
>and resist censorship. People who want to bring censorship to Tor are
>not welcome on the network. The reason is simply because censorship
>does not work.

     True enough, though irrelevant to the discussion of entry node access.
>
>>      The activity in question also is not easily distinguishable from that
>> of a lot of actual malware that scans for open ports to find a way in.
>
>This justifies Internet censorship? Or censorship at Tor Exits?

     It seems that I am not the only one who has misplaced some details here.
I cannot remember ever having advocated filtering of exit traffic in any way
other than by published exit policy.  In fact, I have even once asked for a
BadExit flag for a node that returned bad data that it itself may have
received from some intermediating proxy on grounds that the data were still
not what should have been returned.  (That was the time that grarpamp
objected on grounds that it might not have been the exit node's fault, even
though the data were still bad.)
     I note here again, non-state entities might filter, but by definition,
are not censors because they only exert control over their own property, as
opposed to state entities that do violate the property rights of others by
forcibly exerting control over the private property of others in order to
restrict or adulterate the transmission of information.
>
>Or are we just trying to ethically define "abuse" and "anything that
>looks like malware" is the best we've come up with so far? That's
>a pretty poor standard.

     I define it as TCP SYN or UDP packets sent to ports on my system on
which no program is listening, which is the same as saying that they are
attempts of unauthorized access.
>
>> >Google seems to have this data from crawling the web and simply caching
>> >it as a matter of crawling everything - they get the data from lots of
>> >sources such as other urls, toolbars, etc. Google recently published
>> >the Google Certificate Catalog:
>> >http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certifica=
>te-security.html
>> >
>> >So is Google's method the only ethical way to collect this certificate
>> >data? Or is there no method for collecting this data without users
>> >manually submitting each certificate they encounter by hand?
>>
>>      AFAIK, Google does not use the tor network for its web (or other)
>> crawling activities.  For Google's purposes, the tor network would be
>> unusably slow.  AFAIK, Google does not use any method that uses someone
>> else's computer(s) to make its connections to a destination.=20
>
>What does using the Tor network have to do with the ethics of crawling
>the web/Internet? What makes it not OK to crawl the Internet
>anonymously, but makes it acceptable to seek that same information so
>long as you are not anonymous? Or are we being Kantian here, and
>saying that if everyone crawled the Internet, we'd be doomed. So
>therefore, only Google can crawl the Internet? That doesn't work
>either.

     The problem, as I hoped I had made clear already, is that it incites
damage to the tor network, specifically to both the population of tor exit
nodes and their operators' Internet access.  Google, AFAIK, does not use
tor and therefore does not place tor exit nodes at risk.
>
>Again, people sign up to be Tor relays to take a stand against
>Internet censorship and surveillance. It is thus expected that they
>allow all traffic to pass unmolested and unmonitored, or work to
>implement a way to do their programmatic ExitPolicy filtering in a way
>that does not impede client activity.
>
>Exits are not so scarce that we need to flex our morals on this point.

     I am not going to get into a discussion of morals because morals vary
from one person to another based upon anything from religion to culture to
personal whim.  I limit my discussion to points of ethics, which are invariant
and can therefore be addressed with consistency.
>
>> An EFF employee, OTOH, has confessed to doing so on this list.  The
>> latter, then, is burning CPU time, as well as network connection
>> throughput capacity, on not just one system, but on routelen + 1
>> systems for each scanned system times the number of ports scanned on
>> that system.
>
>Nobody confessed to doing anything over Tor. Chris and Jake simply
>defended the idea of crawling the net over Tor. At no point did
>anybody state that the scan did happen over Tor.  In fact, several
>people said the opposite.
>
     You are correct in this matter.  I misremembered that detail, and
I apologize for my misstatement.  Nevertheless, Chris, IIRC, did say that
he supported such abuse of tor exits, even though he had not (yet) done
so himself.

>Perhaps if your mail client supported threading this would be more
>apparent to you? Actually, it's right there in the very first text you

     No, it has nothing to do with mail software, as you observe in your
next sentence.

>quoted, though.  So perhaps something else is amiss. Is the pager in
>UNIX 'mail' still the original 'more' or something? Or are you still

     less(1).

>using 'ed' to type your mails? :)

     The problem was (and still is, though less so already) the delay
in catching up to current mail due to an immense backlog in my in box.
Ever since I unsubscribed from tor-talk several weeks ago, I have slowly
been gaining ground on the extent of the running backlog, so the situation
can be expected to improve over time.  My apologies for my confusion.
>
>> Another point, though irrelevant due to the ethical considerations
>> that we've been discussing so far, is that there is no particular
>> reason to use tor rather than some other proxy to look at the
>> Internet from different locations.  Anonymity is not necessary to
>> achieve that end.
>
>It is very useful to be able to scan the Internet from multiple,
>stable vantage points with anonymity.

     That seems likely true.  However, it doesn't justify doing damage
to third parties, who have committed no offense other than to offer a
service to a community of users who desire to access the Internet
anonymously, nor to that community of users by reducing the size of the
pools of exit nodes and of any other circuit positions in which those same
nodes may serve.
>
>So long as the resources of any one site are not unreasonably
>consumed, and so long as the scanner is not substantially occupying Tor
>exit bandwidth, I really don't see what is so ethically complicated
>about this.=20

     As noted before, the ethical problem is that exit nodes are put at
much greater risk of elimination.  I realize full well that there are
plenty of other tor users who act in similarly damaging ways for actually
nefarious ends, but the point remains that the means are wrong, regardless
of the ends.
>
>By occupying this topic with our attention, we are allowing ISPs who
>seek to impose restrictions on Tor traffic in one form or another to
>have their way and dictate what is acceptable on our network.  Such

     I would be interested to know what evidence you have to support
that claim.  From what I've seen thus far, ISPs, especially gigantic
ones like Comcast, have not the slightest interest in which programs
one runs, much less the often esoteric discussions on mailing lists
related to those programs.  Instead, they care about dividing their
services into two classes:  one class that is relatively cheap but is
definitely *not* a full-service for Internet access and another class that
costs at least twice as much and usually provides something approximating
full Internet access.  In the U.S., the partial service has sometimes been
falsely, and therefore illegally, advertised as "full Internet service"
or "unlimited Internet access/service".

>ISPs do not deserve any Tor-related revenue.

     Agreed.  However, in many locations there is no or greatly restricted
competition, often due to governmental intervention, so the individual
subscriber's options may be limited to either working with such
degenerate corporations or not being connected to the Internet at all.
>
>It is that simple. We can worry about compromising our principles for
>precious few kilobits when all else has failed.
>
     If you are so willing to compromise on principles, then why do you
devote your professional life's work to the tor project?  Do you secretly
aim to undermine the goals of the project in some way?  After all, you
recently opined that exit nodes with throughput capacities less than
100 kB/s were basically a nuisance and/or not worth bothering with, just
caused load distribution problems, and so forth, an opinion discouraging
volunteers from running such exits.  If that discouragement were to succeed
in reducing the size of the exit pool, that would seem to reduce the
anonymity of tor users correspondingly, something that would also seem in
order for someone trying to sabotage a project for which he worked.  I trust
that wasn't your real intention, but it surely could have been interpreted
that way by someone outside your inner circle.  I was astonished when I
first read it.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************


More information about the tor-relays mailing list