[tor-relays] HoneyPot?

Mirimir mirimir at riseup.net
Thu Oct 29 21:18:57 UTC 2015


On 10/29/2015 03:05 PM, Mike Perry wrote:
> Green Dream:
>> Mirimir: aside from the nickname, do you have any reason to believe it was
>> out of the ordinary? The exit policy mostly only seems to allow
>> non-encrypted services (80 but not 443, 143
> 
> A while ago we were actively marking nodes that only allowed
> non-encrypted services as BadExit, since there were no satisfactory
> explanations given as to why nodes should need this policy.
> 
> Back then, the most common explanation people gave was "I need the
> ability to block traffic that looks evil." Unfortunately, all mechanisms
> available to do this will also end up blocking legitimate content at
> some rate. Nobody was using anything more advanced than snort-style
> regular expressions that matched things that happened to look like
> exploits.
> 
> FWIW, I am personally in favor of reinstating such a policy. I doubt the
> situation has changed.

I concur. Peeking at exit traffic violates Tor integrity, no?


More information about the tor-relays mailing list