Tor a carrier for Botnet traffic?

Scott Bennett bennett at cs.niu.edu
Tue Sep 1 16:38:42 UTC 2009 

     On Tue, 01 Sep 2009 11:22:56 -0400 Ted Smith <teddks at gmail.com>
wrote:
>On Tue, 2009-09-01 at 16:20 +0200, Folkert van Heusden wrote:
>> So; what should we do? Dis-allow hidden services in Tor? Or block Tor
>> totally?
>>=20
>Banning Tor will have no effect on botnets, as others on this list have
>pointed out. We should ban Windows, instead.

     You raise a good point.  Nevertheless, *we* aren't the ones doing
the banning, rather the ISPs are (e.g., Comcast in the U.S.), and the ISPs
are certainly not going to ban Windows.
     There's been quite a few times that, when I've called an ISP to try
to get them to fix a problem on their end, I've been told that they don't
support FreeBSD, which, of course, is irrelevant.  I don't ask them for
operating system support, just networking support on their end.  Any *BSD,
LINUX, Solaris, or other UNIX-like system provides far better tools for
diagnosing networking problems than a typical Windows system provides.
The ISPs, however, will not let customers talk with anyone at the ISP who
actually administers the networking hardware or software.  They only let
customers talk with variously trained monkeys, none of whom have ever read
any of, say, David Comer's books on TCP/IP networking, kernel design and
implementation books, Cisco Systems manuals, RFCs, etc.  The people customers
are allowed to talk with have no clue how the Internet actually works.
They have no background in it whatsoever and usually do not even have the
vocabulary necessary to understand the evidence we present to them, much
less follow the reasoning based upon the evidence that points to the problem.
     Those are the people making the decisions to threaten customers who
know what they are doing and are running tor nodes, requiring those customers
to stop running tor nodes.  They can and do call customers who run tor nodes,
claiming that the customer's computer is "infected with a virus or other
malware" and/or that the customer's computer is "being used to contact botnets",
and when challenged for evidence to support the claims, swear up and down
that the evidence exists, but that no, they cannot give it to us and, in some
cases, that they don't have access to it themselves, but that they've been
sent a report by someone else (or some program) in the company that doesn't
give any evidence or that the company has received complaints, of which they
also cannot provide copies or other details.  A rational, knowledgeable
customer will get nowhere against the ignorance of ISP employees following
irrational policies and procedures of their employers.
     The only thing I can think of that might help here is for the tor project
and all tor node operators to stop refering to tor relays as "servers".  The
relay functions are *not* server functions any more than a Cisco router is
a server.  tor relays are *software routers*, not servers.  I realize that
a node that also has an open DirPort is providing directory services, but
those services are intended for internal use by the software router network,
not by humans directly.  The fact that humans *can* use HTTP to query a
directory server is irrelevant.  The primary role of the directory servers
is to serve the software routers, not humans, and therefore ought to be
considered as the software router equivalent to routing table maintenance
daemons.
     But at present, if an ISP contacts a tor node operator, claiming that
the node operator is violating an acceptable use policy prohibiting "servers",
a look at the tor project's web site merely convinces the ISP employee that
a tor node *is* a server because that's what the web pages say it is. :-(  Then
they tell the node operator to shut it down or else they will disconnect the
service.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

More information about the tor-talk mailing list