[tor-talk] Automatic vulnerability scanning of Tor Network?

grarpamp grarpamp at gmail.com
Wed Dec 21 02:57:43 UTC 2011

>> Which is why I stopped running a relay - waaaay too many people poking
>> at my machine.  In retrospect I was probably just incredibly naive,
>> but when I put up a tor relay I was expecting to just relay tor
>> traffic.  I did not sign up to be the target of any wannabe pen
>> tester.
> For me it is quite clear that by setting up a tor relay I highly expose the
> server and make it target for scanning and more. Therefore I am personally
> happy with scanning my servers by tor friendly people. I don't regard this an
> attack but as a helpful service to the community of tor relay operators.

Putting these two another way...
The internet is probed a hundred times a day for any number of
reasons. Any IP you light up is subject to it. And not only that,
but it will have active, intentional and evil exploits thrown at it.
Anyone not knowing this seriously needs to find a sniffer and
run it.

So to the people who whine of being packeted like it's some sort
of outrage... get real and shut up. If it bothers you, report it.
Others are happy throwing up a filter (or not) and forgetting it.
And if you get cracked, or receive a friendly vulnerability email,
consider it a blessing. The net is just noise in logs rarely read.

What are you going to do when someone reads this thread
and decides to do the project anyway? What if they do it
anonymously for fun? What if they are already doing it? What
if you don't know about it?

Welcome to the net.

More information about the tor-talk mailing list