[tor-talk] Police was here - whats next?

grarpamp grarpamp at gmail.com
Tue May 31 03:59:21 UTC 2011


> I ran a tor exit node at that time, and I am confident somebody
> mis-used our tor exit node, as our WLAN is WPA2 encrypted.

This is one reason that if you are in any way [1] mixing:
a) your own use of the internet/Tor
and
b) running an exit relay
you should seriously consider logging either:
a) your own traffic (whether via internet or Tor)
b) exit traffic
c) both
To cover your ass. At least this way you'll have some form of
log you can present if needed to give more weight to an
explanation.

This is easily accomplished by segmenting your network
into separate VLANs or interfaces and using passive
monitoring such as netflow or tcpdump to capture IP
traffic headers.
It's also easy to encrypt the logs of at least your own traffic
to prevent needless profiling from that data source
should your systems be borrowed against your will.

I'm sure others will argue 'logging bad' and 'legal footing',
so I won't cover those aspects here. To each their own.

[1] Shared computers, IP addresses, physical location,
cohabitation, owners, etc.
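
One way to set up the per-segment, header-only capture with encrypted logs described in the message above. This is an added example, not part of the original post; the interface names, paths, script location and key id are assumptions or placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): header-only tcpdump capture per
# interface, with each rotated file encrypted to a public key.
LOG_DIR="${LOG_DIR:-/var/log/flowcap}"       # assumed path; must be writable by the capture user
RECIPIENT="${RECIPIENT:-KEYID-PLACEHOLDER}"  # placeholder key id; only the public key lives here
SELF="${SELF:-/usr/local/sbin/flowcap.sh}"   # assumed install path of this script (executable)
SNAPLEN=96        # bytes kept per packet: link + IP + TCP/UDP headers; a few dozen
                  # payload bytes can survive on packets with short headers
ROTATE_SECS=3600  # start a new capture file every hour

# One file series per interface keeps own-use and exit-traffic logs separate.
capture_file_pattern() {
    printf '%s/%s-%%Y%%m%%d-%%H%%M%%S.pcap\n' "$LOG_DIR" "$1"
}

# Encrypt a closed capture file, then delete the plaintext copy.
# The private key stays on another machine, so a seized host cannot read old logs.
encrypt_rotated() {
    gpg --batch --yes --trust-model always --encrypt --recipient "$RECIPIENT" \
        --output "$1.gpg" "$1" && rm -f -- "$1"
}

# Capture on one interface; tcpdump runs "$SELF <file>" each time it rotates.
start_capture() {
    exec tcpdump -n -i "$1" -s "$SNAPLEN" -G "$ROTATE_SECS" \
        -w "$(capture_file_pattern "$1")" -z "$SELF"
}

case "${1:-}" in
    start) start_capture "${2:?usage: flowcap.sh start IFACE}" ;;
    "")    ;;                        # no arguments: only define the functions
    *)     encrypt_rotated "$1" ;;   # called by tcpdump -z with the closed file
esac
```

Run it once per segment, for example `flowcap.sh start eth1` for the exit VLAN and again for the interface carrying your own traffic (both names assumed).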

