eliminating bogus port 43 exits

Ted Smith teddks at gmail.com
Sat Jun 13 20:04:33 UTC 2009

On Sat, 2009-06-13 at 13:48 -0600, Jon wrote:
> grarpamp wrote:
> > One person's legit is another's bogus. It's always been that way.
> > Other than routing, the use of the internet is partly chaos and
> > it's not changing any time soon. "Packets found on an internet",
> > they exist, therefore they are, deal with it. So let's forget about
> > this port number legitimacy thing.
> >
> > Further, some of us are real world network operators. We routinely
> > sniff and record traffic as part of our jobs. In fact, if we did
> > not, we would be very ineffective in our positions. Sniff if you
> > want, don't if you don't. So we can also throw this argument out
> > the window as to each their own.
> >
> > What we really want to know as network operators is what exactly
> > IS going on in this case. And a simple count of SYN's is not enough
> > for some operators to make a decision regarding their rulesets.
> >
> > Because for all they know, that traffic may indeed be diplomatic
> > communications with the Borg that are keeping our planet from being
> > assimilated. And well, unless you're Borg, or wish to become one,
> > that's pretty legitimate :)
> >
> > Sniff that thing out, bring the full stats, write a whitepaper.
> > Operators will look at it and make their own choices.
> >
> > Storing/grokking a days worth of tcp/43 sessions to find what percent
> > of them have whois strings should be easy. As should tallying up
> > the top ten whois queries and a distribution curve. That could help
> > determine if it's some clients gone haywire or normal. Though
> > somewhat like a ping someone left running, over Tor you'd just have
> > to wait it out. Classifying and counting the non whois sessions
> > would be harder but definitely interesting.
> >
> > If I was running an exit I would have already done and posted this
> > for you all, but I'm not at the moment, so I can't. I yield the
> > podium to my esteemed and valued peers on this list :)
> >   
> I can not agree.  Sniffing the traffic at the exit node actually does
> jeopardize the reason people are using this software in the first place.
> Jon

My understanding is that the Tor network provides some measure of
*anonymity* regardless of whether the exit node listens to traffic.
Certainly the reason for using Tor is not to magically protect your
traffic from every being eavesdropped upon -- only end-to-end crypto can
do that.

Is this false? I ask out of genuine concern, because if exit nodes have
to be trusted not to snoop on data for Tor to work properly (providing
anonymity), Tor is not what I thought it was.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090613/d17ef570/attachment.pgp>

More information about the tor-talk mailing list