[tor-talk] Automatic vulnerability scanning of Tor Network?

Robert Ransom rransom.8774 at gmail.com
Wed Dec 21 23:45:54 UTC 2011


On 2011-12-21, Chris <tmail299 at errtech.com> wrote:
>>> So please, don't bother with that justification, a scan like that would
>>> probably just be one scan of 10000 you receive every week.
>>
>> The scan which happened yesterday was enough to get the attention of both
>> the
>> university network security team, and the sys-admins of the department
>> which
>> hosts my Tor server. The last time this happened was 2009.
>>
>> It's already difficult enough to host a Tor server, but triggering
>> institutional
>> IDS is only going to make justifying the benefit of running a node harder.
>>
>
> This is a dumb policy although that being said if this is going to have a
> significant negative impact on the Tor network from a bandwidth or
> security (loss of nodes could impact security too) then what about having
> the Tor software do a check on the system? This would bypass the network
> and avoid intrusion detection systems in place on the network. I imagine
> anyway.

All of these ideas about removing allegedly ‘insecure’ or ‘vulnerable’
relays from the network ignore the fact that someone who wants to
compromise Tor relays and use them to attack Tor users will just make
the relays appear to not be vulnerable, so that they can stay in the
network.  I'm amazed at how many people want us to remove relays which
have definitely not been compromised from the Tor network.


Robert Ransom


More information about the tor-talk mailing list