[tor-talk] Automatic vulnerability scanning of Tor Network?
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Tue Dec 20 08:11:29 UTC 2011
I made a big portscan+app fingerprinting of all Tor exit and Relay:
wget -q -O /tmp/Tor_ip_list_ALL.csv \
http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
nmap -iL /tmp/Tor_ip_list_ALL.csv -F -sS -sV -PI -T Insane \
-oM Tor-Scan-20-12-2011_00_30.out
You can find the result here:
http://infosecurity.ch/Tor-Scan-20-12-2011_00_30.out.gz
It would be interesting to analyze it to understand "what's running" on
Tor Exit and Tor Relays, eventually make up some kind of network
monitoring systems like it's done for Enterprise Security Monitoring
Systems.
IE (automatically):
- Having a periodic portscan + application fingerprinting
- Passing the result to a nessus vulnerability analyzer
- Sending the results to the contact info
- Repeating the tests every 2 week, sending again the result to the
contact info
- If a "high" vulnerability it's not fixed automatically within 1
months, publish it to the internet
Or a process like that to always know that the "System/Network" security
of computers running Tor it's ok, and if not ok "do something".
Imho it would not be complicated to setup a stuff like that
-naif
More information about the tor-talk
mailing list