[tor-talk] Making TOR exit-node IP address configurable
Mike Perry
mikeperry at fscked.org
Thu Mar 10 08:34:56 UTC 2011
Thus spake Moritz Bartl (moritz at torservers.net):
> On 10.03.2011 08:21, Fabio Pietrosanti (naif) wrote:
> > Again, that's true only if you are damaging user's traffic and so your
> > "filtering" doesn't break in any case:
> > a) don't break user traffic
> > b) don't break exit scanner traffic
> > c) break "just some kind" of more noisy and malicious/aggressive
> > traffic
>
> If I was scanning my own /21 through Tor, would that be user traffic, or
> malicious traffic?
> If I was fuzzy scanning web applications on my own server through Tor
> because some malware has infected my server that ignores requests from
> my home country, would that be user traffic, or malicious traffic?
Exactly. Perhaps we should just check for RFC 3514 compliance at entry
nodes? :)
In all seriousness, the only way this can fly is if it is transparent
to the user, and doesn't ever actually block their activity.
I described how such a system could work here, but someone would have
to build it:
https://lists.torproject.org/pipermail/tor-relays/2011-March/000675.html
Any other system that tries to only break "just some kind" of
malicious traffic is bound to fail (and in rather hilarious ways).
Skynet just isn't that good yet. Maybe some day the machines will
protect us from ourselves, but that day is not today.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110310/92eca954/attachment-0001.pgp>
More information about the tor-talk
mailing list