[tor-talk] Automatic vulnerability scanning of Tor Network?

Lee ler762 at gmail.com
Thu Dec 22 06:05:23 UTC 2011


On 12/21/11, Justin Aplin <japlin at gmail.com> wrote:
>
> On Dec 20, 2011, at 6:52 PM, Mike Damm wrote:
>
>> On Dec 20, 2011, at 2:54 PM, "Chris" <tmail299 at errtech.com> wrote:
>>
>>>>> Security through obscurity doesn't scale, so what's the problem?
>>>>
>>>> The problem is that I don't know you, I don't know your intentions,
>>>> and I haven't given you permission to do a security audit, free or
>>>> otherwise, on my machine.  You need to GET PERMISSION FIRST or you're
>>>> behaving exactly like those "Tor unfriendly person" you mentioned.
>>>
>>> What are the ethics of the Internet?
>>
>> A smart man once said "be conservative in what you do, be liberal in what
>> you accept from others."
>
> While I totally get both sides of this argument *in theory*, all of this
> sounds a lot to me like getting pissed off about someone ringing your
> doorbell because they didn't mail you an opt-in form first.

Nope.  The probes were annoying, but the killer was my all-in-one
consumer grade router/nat/dhcp server/firewall leaking packets into
what was supposed to be the secure part of my home network.

> Certainly I'd be
> pissed if someone decided to test my home security by trying to jimmy a lock
> or force a door (or even going around seeing if any doors are unlocked,
> despite that being my own bad), but if I'm going to provide a service
> (tor/doorbell) it has to be expected that occasionally someone unexpected is
> going to use it, whether this is a pleasant surprise
> (girl-scouts/friendly-researcher) or a hell of an annoyance
> (traveling-salesman/malicious-hacker).
>
> /contrived analogy
>
> At any rate, since you've found that your view of ethics clearly does not
> match many others' on the internet, and have since taken your node(s) down,
> why is this still an issue?

It isn't.

> Mike's advice is really the best way to go here.

Wrong.  The quote is from section 2.10 of RFC 793:

  TCP implementations will follow a general principle of robustness:  be
  conservative in what you do, be liberal in what you accept from
  others.

Things have changed since 1981.  Being liberal in what you accept from
others on the Internet now gets you pwned.

Lee


>
> ~Justin Aplin
>