blocking google groups [was Re: ExitPolicy abuse]

Roger Dingledine arma at mit.edu
Wed Feb 9 10:45:36 UTC 2005


First, to SK: yes, middleman nodes are still very useful. Remember that
two of the three hops in the circuit are on nodes other than the exit
node. Also, since Tor's security comes from the diversity of its network,
letting people *enter* at your node is very helpful to security.

On Wed, Feb 09, 2005 at 10:43:49AM +0100, Valient Gough wrote:
> I also got a report recently from someone about UUNet abuse through 
> Google.  Apparently they had reported it to google, but never got an 
> answer (not surprising, in my experience google is very slow to respond 
> to mail, if they ever respond).  I think the problem lies with google - 
> they are acting as a proxy from HTTP -> UUNet and not filtering spam 
> along the way.

(I assume you mean Usenet.)

Hm, this is a tricky one. For example, if Google starts filtering posts,
liability issues may come up. Also, Google tends to get bad publicity
when they do things that can be seen as "censorship."

> So until google fixes the problem, I've rejected access to google's 
> network.  I don't know how many ways groups.google.com may be accessed, 
> but my first stab is to block 216.239.37.0/24 , which contains the 3 
> servers listed right now in DNS.

Ok, but groups.google.com is an alias for groups.google.akadns.net,
which doesn't bode well for easily enumerating its addresses. :)

> Perhaps over time we're going to have to build up a list of networks 
> that are wide open for abuse, like google groups, which we may want to 
> block in a default exit policy..

Right.

I'll have a talk with some Google security folks about this, and see how
they feel about this particular example of abuse. Thanks for bringing
it up.

Thanks,
--Roger



More information about the tor-talk mailing list