Filtering traffic from your node - for exit points

Kyle Williams kyle.kwilliams at gmail.com
Tue Sep 11 02:19:49 UTC 2007


On 9/10/07, phobos at rootme.org <phobos at rootme.org> wrote:
>
> On Mon, Sep 10, 2007 at 04:43:17PM -0700, torified00 at yahoo.com wrote 16K
> bytes in 169 lines about:
> : Up to now I thought it was impossible to filter out what tor users do
> from our tor exit nodes. A little experimentation later I've found a way how
> to limit what users can or cannot do. Please do check if filtering content
> is legal according to the laws of your country. Personally I have decided
> that I'd rather be investigated because of filtering illegal materials than
> to be investigated because I was helping a criminal. Do whatever you wish
> with the information provided. You may not like the filtering - but every
> exitpoint operator can decide for himself what he wants to do.
>
> I am not a lawyer, but I believe by doing this you're actually opening
> yourself up to more liability than you'll ever correct.
> https://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping is
> effectively what you're doing.
>
> This topic has been visited, re-visited, and most recently,
> re-re-visited.  http://archives.seul.org/or/talk/Mar-2007/msg00082.html
> is the latest round of visits.
>
> --
> Andrew
>

I spoke with several attorneys and a couple of FBI agents at DefCon this
year about this.  I'll try and summarize what I was told.  Keep in mind,
this is in the US.  It may vary in your country or state.

As a Tor node operator, you are providing a free "service".  As a "service"
provider, you are entitled to monitor your traffic for suspicious activity,
bandwidth usage, and/or attacks against you or your "customers" (Tor
users).  Basically you get some of the rights, if not all, that an ISP does
since you are providing a free internet "service".  Just because it's free
to everyone else doesn't make it less of an internet service; in fact, if you
are paying for your connection to your ISP (which everyone is) then you have
an "invested interest".  Most people want to, and have the right to know what
is going on with their investments.

"Monitoring" traffic that comes in or out of your connection can consist of
many things.
If you are "monitoring" bandwidth usage, packets are still being looked
at, but only the size and total number of packets in a given period is what
is being "monitored".
There are Intrusion Detection Systems, or IDS, that do packet inspection to
"monitor" if there is malicious content in the packet/s.  In this case, the
entire packet is being looked over by a piece of software for anything it
might consider malicious.

I put it this way to the FBI agents I spoke with (who were really cool
btw).  I told them that I operated a Tor exit node and I used iptraf and
driftnet to monitor what my connection was being used for.  (They just
grinned when I said this.)  I asked them if this was wrong or illegal of me
to do.  They said no, and that I have rights (mentioned above) as a
"service" provider to protect my "invested" interest.

Because there was so much porn, nasty porn at that, I decided to shut down my
exit node.  I for one welcome the idea of filtering out porn on my exit
node.  I'm paying for my connection, not Tor users, so as far as I am
concerned, I have the right to say what goes into and out of my node.  IF
you disagree, then take a look at your torrc file, and if you are blocking
ANY port and not allowing ALL traffic to leave your node, then you too are
filtering traffic.

So really, what's the difference between blocking websites and blocking
ports?
Nothing, they both are considered filtering.