[tor-relays] Legal situation of tor in Europe

s7r s7r at sky-ip.org
Mon Mar 9 15:02:30 UTC 2015

Hash: SHA256


Your arguments are fair and correct and mostly I tend to agree.

But, the port scans, malware distribution and spamming existed before
Tor, exist in parallel with Tor and will continue to exist even if Tor
will disappear.

I admin a lot of servers opened to the public internet and I have
noticed, for q quick example, that if you don't change the default SSH
port (22) and implement ssh-key based authentication, the server will
be flooded with failed login attempts (password brute forcing). The
SSH logs also save the remote IP address - you will be amazed that
almost all of those IP addresses do not belong to Tor exit relays. The
percent of Tor-IP addresses in these logs is very small and
insignificant, compared to other non-Tor IP addresses.

A basic web server running Apache2, its access log will have tens of
thousands of requests for /phpmyadmin or /wp-admin or other paths,
from scripts which try to brute force phpmyadmin or other CMS web apps
(such as wordpress, joomla). Again, the logs also include the remote
IP address - we see here IP addresses of Tor exit relays in a very
small percent compared to other non-Tor IP addresses.

When port scanning or brute forcing, doing it through Tor has many
disadvantages, such as being very slow (can't handle too many
concurrent requests), exit relays IP addresses being blacklisted and
so on.

It's much more practical to just use a compromised computer with good
bandwidth which can handle many requests per second and has a
not-blacklisted IP address. There are hundreds of thousands of such
computers on the internet. Secondly, there are infected computers
which can be used as proxies, all these represent a better solution
than Tor for port scanning and brute forcing.

I totally agree on some good and sane anti-abuse measures, but without
undermining the freedom and anonymity of the users.

Port scanning is just 'the noise of the internet' - in almost all
cases it's irrelevant if someone performs a port scan on a server, as
long as the server is properly secured. If your SSH port is 22,
password authentication enabled, and your root password is 12345 .....

On 3/9/2015 4:40 PM, Markus Hitter wrote:
> Am 09.03.2015 um 15:13 schrieb s7r:
>> This is a speculation and it's not backed up by anything real.
>> Can you define "crack down on Tor"? People and organizations are
>> researching and trying to find a flaw in Tor since Tor was born -
>> there is a good side here, being widely studied and getting a lot
>> of attention makes it the best anonymity network available.
> One flaw which IMHO has to be solved sooner or later is the openess
> to abuse. Like port scans, like malware distribution, like
> spamming, you name it. Right now this task is left to the regular
> website operators and they don't like it, often resulting in
> general blocking of Tor exits.
> To what I understand, Tor's goal is to make flow of information
> free and to allow this freedom, anonymous. This doesn't include
> abuse, so implementing at least basic anti-abuse measures would
> make this network much more general website friendly and
> accordingly get it closer to its goals.
> Markus
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Version: GnuPG v2.0.22 (MingW32)


More information about the tor-relays mailing list