[tor-talk] Automatic vulnerability scanning of Tor Network?
klaus.layer at gmx.de
Tue Dec 20 22:23:01 UTC 2011
Lee <ler762 at gmail.com> wrote on 20.12.2011:
> Which is why I stopped running a relay - waaaay too many people poking
> at my machine. In retrospect I was probably just incredibly naive,
> but when I put up a tor relay I was expecting to just relay tor
> traffic. I did not sign up to be the target of any wannabe pen
For me it is quite clear that by setting up a tor relay I highly expose the
server and make it target for scanning and more. Therefore I am personally
happy with scanning my servers by tor friendly people. I don't regard this an
attack but as a helpful service to the community of tor relay operators.
> > IE (automatically):
> > - Having a periodic portscan + application fingerprinting
> > - Passing the result to a nessus vulnerability analyzer
> > - Sending the results to the contact info
> > - Repeating the tests every 2 week, sending again the result to the
> > contact info
> > - If a "high" vulnerability it's not fixed automatically within 1
> > months, publish it to the internet
> Absolutely brilliant. Someone donates to your cause and, if they
> don't come up to your standards, you do your best to ensure they get
> pwned instead of just dropping them from the donor list.
I would not go so far to publish vulnerabilities of a tor server on the
internet but the server could be considered as vulnerable. As a result tor
authority server could withdraw guard/exit flags or isolated the vulnerable
server so that it do no longer get traffic. I think it is legitimate to make
sure that the tor network is not endangered by vulnerable servers.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: This is a digitally signed message part.
More information about the tor-talk