[tor-talk] torslap!

Moritz Bartl moritz at torservers.net
Thu May 2 09:03:52 UTC 2013 

On 02.05.2013 05:11, Tom Ritter wrote:
> I used to be a big proponent of proof-of-work schemes, but I've scaled
> back my preference significantly.  There's two problems with them: [...]

My thoughts exactly. But, in this case, I have to say from experience
that a few websites that use blacklists that block Tor preemptively,
mostly without knowing about it. These types of blocks can be overcome
often by just a friendly email that explains Tor.

The second and most common type of blocking happens after someone has
been "attacked" once, or twice, via Tor, or an active "attack" is
ongoing. I use quotation marks here because most things that happen
would not be considered real attacks. Many IDS, and nowadays even blog
software etc, detects "unlikely behaviour" such as port scanning,
crawling, trying some script kiddie SQL injections, looking for common
exploitable CMS and the like. Most of these "behaviours" are *not*
targetted at specific sites, many are just using some bad or worse
scanning tool.

This second type of blocking would be very much helped with something
like torslap.

Sites "under ongoing attack" could easily deploy them, maybe even
together with a timeout, and thus get rid of the one attacker without
having to block all Tor users (even temporarily, a mechanism which they
rarely lift again because they have no incentive to do so).

Sites that sometimes get hit by random scans and the like, not currently
under active attack, could also obviously benefit from torslap. I
haven't read the whole thread, but (Re)CAPTCHA could be considered a
cheap and powerful "proof of work", too.

I would love to see something as simple as an iptables bucket for Tor
users where they can be first sent to a different webserver/site, and
after they "do something there" the exit IP is temporarily removed from
the bucket. A second interesting approach would be something more
specific for the software used, like a Wordpress plugin that blocks
admin logins via Tor, puts Tor users under more "supervision" (moderated
postings/registration, only "guest Tor post" without the ability to log
in at all, read-only access, etc) etc.

-- 
Moritz Bartl
https://www.torservers.net/

More information about the tor-talk mailing list