[tor-talk] Exit Traffic classification and discrimination

PALMERS CONSULTING LLC palmers at Safe-mail.net
Mon Feb 1 17:37:23 UTC 2016 

Dear Sirs,

I had Dropbox professional and they restore the all files stored in Dropbox.

I can offer this solution to you.

And I wish "GO TO HELL" to the tor-people.

Best regards,

Janos


Confidentiality Notice:
This message, together with its annexes, contains information to be deemed strictly confidential and is destined only to the addressee(s) identified above who only may use, copy and, if authorized, under his/their responsibility, further disseminate it. If anyone receives this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender and to erase the original message received.

Thank you.

PALMERS CONSULTING LLC
Asset management, trusteeship and banking counseling

-------- Original Message --------
From: "Fabio Pietrosanti (naif) - lists" <lists at infosecurity.ch>
Apparently from: tor-talk-bounces at lists.torproject.org
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Exit Traffic classification and discrimination
Date: Mon, 1 Feb 2016 14:26:23 +0100

> Answers in-line.
> 
> On 1/31/16 5:00 PM, amuse wrote:
> > Hi Fabio:
> > 
> > TLDR: No, I haven't and wouldn't try this.
> > 
> > 
> > If I understand, you're asking "Why don't TOR operators discriminate on
> > traffic by passing packets to popular, acceptable sites and
> > discriminating against traffic headed "elsewhere" by re-routing it.
> > 
> > This view ignores a few fundamental facts underlying the very existence
> > of TOR.
> 
> From the point of view of a Tor users, there's absolutely no change in
> the Threat Model.
> 
> From the point of view of a Tor Relay operator, there would be a better
> resiliency against takedown due to Abuses.
> 
> 
> > 
> > 1) That tools such as TOR exist specifically to enable that last 10% of
> > "dangerous" traffic - given that every political regime gets to decide
> > what they think is "Dangerous".  In Saudia Arabia, criticism of the king
> > is dangerous traffic. In China, discussion of the Tienanmen square
> > massacre is also dangerous. TOR exists specifically to facilitate this
> > traffic.
> 
> We are not speaking about whats "Dangerous" for a Tor user, but what's
> "Abuse-Generating" for  Tor Operator.
> 
> I think that most of those discussions you're referring to:
> - does not trigger abuses being sent to the ISPs
> - happens mostly on major internet platforms (let's say the top-30)
> 
> > 
> > 2) That the most objectionable traffic will probably be going to a lot
> > of the top-30 websites, as that's where political discussions need to be
> > brought to gain any sort of critical mass to bring them out of anonymous
> > online enclaves and translate them into real political activity.
> > 
> > Finally, I wonder whether you have any experience actually, in practice,
> > trying to differentiate traffic as "abuse" from "not abuse". If there
> > were any even close-to-accurate ways of doing this, I suspect ISP's
> > would already be doing it and even your abusive TOR traffic would get
> > dropped at peering connections.
> 
> When i used to run Tor Exit relays, i never received abuses coming from
> traffic being directed to major internet websites (ie: google, facebook,
> wikipedia, etc).
> 
> The ISPs are already doing that, it's called "Traffic Engineering", but
> it's not done due toe "abuse" or "not abuse", because the abuses are not
> a major issues for an ISP.
> 
> Abuses are a major issues for Tor operators, not for ISPs.
> 
> > 
> > In practice, it's very difficult to tell if even "clearly abusive"
> > traffic - say, XSS attempts or SQL injection scanners - are abuse by
> > some annoying hackers, or research by someone trying to assess how many
> > home IP cameras are vulnerable to being part of a botnet, or even an
> > authorized pen-tester just checking out their client's distributed offices.
> 
> Any digital attacks attempt going trough Tor, has to be considered
> abusive, because it generate abuses.
> 
> Btw if you try to make a web attacks against:
> - Facebook or Google or  (no abuse received)
> - A major abuse (abuse received)
> 
> That's why traffic engineering with such a multi-homing approach, could
> really works differentiating traffic designated to
> top-internet-destination (that does not generate abuses but may
> represent most of the traffic) vs. rest of the internet (that's likely a
> minor part of the traffic, but in this chunk there's surely the
> abuse-generating one).
> 
> Btw it's not easy to be technically implemented
> 
> Fabio
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list