[tor-talk] torslap!

Andreas Krey a.krey at gmx.de
Thu May 2 18:45:36 UTC 2013


On Thu, 02 May 2013 13:19:59 +0000, Lucia Liljegren wrote:
...
> Because these "not attackers"  are guessing addresses they tend to hit my 404 page which is dynamic and does some checks. When I detect an IP doing this sort of stuff,  I use Cloudflare's API and ban the IP 7 days .

You mean, when I set up a bit of link farming, you will block Googlebot? :-)

...
> What's the proposal under Torslap?  I check the IP that's fingerprinting, and if it's TOR, I make it pass a "proof or work", and then let it continue to scan? That can't be what you are suggesting.   So what are you suggesting. 

The proof of work would be bound to a login, not an IP. The idea being
that one is only allowed to put content (aka 'comment') when such a
proof exist, and the proof would be declared invalid if the account
is being found spamming.

Apparently there are way too few exit nodes (especially fast ones
that get selected often).

If there a reason you block for several days? I don't see how that
would help much. As opposed to not directly blocking but instead
reversing source and destination address in packets coming from
such IPs. :-)

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800


More information about the tor-talk mailing list