[tor-relays] Simplifying ExoneraTor
Joshua Lee Tucker
josh at tucker.wales
Tue Jul 7 14:19:18 UTC 2015
On 7/7/15, teor <teor2345 at gmail.com> wrote:
> Organisation X experiences an attack on their website via an IP address, and
> they want to identify the origin of the attack. Exonerator tells them that
> the IP was used by a Tor Exit that permitted port 80. (This is a very likely
> scenario.)
>
> Organisation X experiences a SSH login/password scan via an IP address, and
> they want to identify the origin of the attack. Exonerator tells them that
> the IP was used by a Tor Exit that permitted port 22. (This is perhaps a
> less likely scenario, but still well worth knowing about.)
>
> We could split the Exit column in two (web ports, other ports), but I'd
> prefer to provide the list of ports in a detail page, and let the analyst do
> their own triage. But if we only have one page, perhaps the split is
> worthwhile.
I personally don't like displaying the ports in the overview page - I
would also much rather have this information displayed in a detail
page. (Maybe make the "Exit: Yes" clickable?)
I think this improves not just readibility, but also keeps the main
page as simple as possible.
Regards,
Joshua Lee Tucker
@tuckerwales
More information about the tor-relays
mailing list