[tor-relays] Simplifying ExoneraTor

Karsten Loesing karsten at torproject.org
Tue Jul 7 16:10:00 UTC 2015


On 07/07/15 16:19, Joshua Lee Tucker wrote:
> On 7/7/15, teor <teor2345 at gmail.com> wrote:
>> Organisation X experiences an attack on their website via an IP
>> address, and they want to identify the origin of the attack.
>> ExoneraTor tells them that the IP was used by a Tor Exit that
>> permitted port 80. (This is a very likely scenario.)
>> 
>> Organisation X experiences an SSH login/password scan via an IP
>> address, and they want to identify the origin of the attack.
>> ExoneraTor tells them that the IP was used by a Tor Exit that
>> permitted port 22. (This is perhaps a less likely scenario, but
>> still well worth knowing about.)
>> 
>> We could split the Exit column in two (web ports, other ports),
>> but I'd prefer to provide the list of ports in a detail page, and
>> let the analyst do their own triage. But if we only have one
>> page, perhaps the split is worthwhile.
> 
> I personally don't like displaying the ports in the overview page -
> I would also much rather have this information displayed in a
> detail page. (Maybe make the "Exit: Yes" clickable?)
> 
> I think this improves not just readability, but also keeps the
> main page as simple as possible.

Well, I'd like to keep the main page as simple as possible, and I'd
also prefer not to add a details page at all.  The only output that
users should see is a single page that they can print out and file to
close a case (in favor of having more time for the 9 other open cases
where ExoneraTor returned a negative result).  Adding more details,
even on a separate page, would only confuse users and not help much.

Regarding documentation, it's already there on the same page, so that
it will be printed out on the same page as lookup results.  If we can
phrase things better, please let's do that.  But let's not add another
page with explanations.

Does that make sense?

All the best,
Karsten
