eliminating bogus port 43 exits
Anon Mus
my.green.lantern at googlemail.com
Sat Jun 13 07:45:33 UTC 2009
Roger Dingledine wrote:
> On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote:
>
>> I think "snooping" and "statistical information" should be treated
>> differently. Take Scott's case here. He is making a claim that by using
>> the exit policy outlined above, it would reduce the amount of traffic on tor
>> by 70% or whatever. What I would like to see proof of is that the IP
>> addresses that are now being blocked are NOT running a WHOIS services. How
>> do we know for sure that they are not in fact a valid WHOIS service?
>>
>
> I would also be curious to learn the mean/median number of bytes that
> a given connection to port 43 takes. If it's a tiny amount, then it
> probably isn't responsible for 70% of Tor's traffic. If it's huge,
> then perhaps that means people are file-sharing over port 43.
>
>
IMHO its unlikely that file sharers are ALL using port 43... you are
more likely to see a wide spread of ports with high usage. I've found
that sharers are not savvy enough to all pick port 43 because its more
likely to be open. When I file share over TOR (once or twice a year
max., to get seeding started, anonymously) I pick no particular port.
Without a large anonymous Pron provider operating over TOR, its more
likely that a very large organization (military - intell) has its own
software communicating over TOR (hidden in ordinary port 43 "cover"
traffic) on port 43. Obviously, this would be a globally distributed
operation. Say... the US Mil&Intel. Of course, if its existence were
discovered they would need to put up some sort of smokescreen, pointing
the finger in the wrong direction, so to speak.
Of course... it could all be regular WHOIS traffic, as cover traffic, or
just genuine. Maybe someone (MIL/GOV) has their own local WHOIS copy
which is updated via TOR (??).
A little bloodhounding the port 43 IP addresses/domains would go a long
way to seeing if they were at least all or mainly genuine WHOIS requests.
snip..
> --Roger
>
>
>
More information about the tor-talk
mailing list