[tor-talk] Automatic vulnerability scanning of Tor Network?
Paul Syverson
syverson at itd.nrl.navy.mil
Thu Dec 22 00:40:12 UTC 2011
On Wed, Dec 21, 2011 at 11:45:54PM +0000, Robert Ransom wrote:
> On 2011-12-21, Chris <tmail299 at errtech.com> wrote:
> >>> So please, don't bother with that justification, a scan like that would
> >>> probably just be one scan of 10000 you receive every week.
> >>
> >> The scan which happened yesterday was enough to get the attention of both
> >> the
> >> university network security team, and the sys-admins of the department
> >> which
> >> hosts my Tor server. The last time this happened was 2009.
> >>
> >> It's already difficult enough to host a Tor server, but triggering
> >> institutional
> >> IDS is only going to make justifying the benefit of running a node harder.
> >>
> >
> > This is a dumb policy although that being said if this is going to have a
> > significant negative impact on the Tor network from a bandwidth or
> > security (loss of nodes could impact security too) then what about having
> > the Tor software do a check on the system? This would bypass the network
> > and avoid intrusion detection systems in place on the network. I imagine
> > anyway.
>
> All of these ideas about removing allegedly ???insecure??? or ???vulnerable???
> relays from the network ignore the fact that someone who wants to
> compromise Tor relays and use them to attack Tor users will just make
> the relays appear to not be vulnerable, so that they can stay in the
> network. I'm amazed at how many people want us to remove relays which
> have definitely not been compromised from the Tor network.
>
Ah, perhaps they have read [1] and are trying to roll out such an
attack below the radar. Who _do_ they work for? ;>) On a less
facetious note, people might want to look at our trust work as a more
constructive response to the diversity of geolocations, jurisdictions,
OSes, operators, Tor versions, hardware etc. [2], although it is still
research and I do not pretend to have all the pieces to make this
fully practical without several more years of work.
[1] freehaven.net/anonbib/cache/ccs07-doa.pdf
[2] www.ohmygodel.com/publications/ortrust-ccs11.pdf
aloha,
Paul
More information about the tor-talk
mailing list