[tor-talk] torslap!
Andreas Krey
a.krey at gmx.de
Fri May 3 22:04:10 UTC 2013
On Fri, 03 May 2013 12:06:27 +0000, lucia at rankexploits.com wrote:
...
> >You mean, when I set up a bit of link farming, you will block Googlebot? :-)
>
> Oh you silly billy. :-) Everyone knows it's trivially easy to block one
> link farmer without blocking google. If I detected you doing rapid or
> voracious scraping I would block you.
I wouldn't touch your IP range a single time. I'd just set up a lot of
DNS to point there, and have lots of pages point to those domains. Then
the googlebot whould try to fetch all the 404 pages, and get blocked.
...
> I'm not groking this.
Obviously.
...
> I don't see how this torslap applied to logins addresses this sort of
> misbehavior.
It doesn't. It's designed for a different problem set.
...
> If you mean the low number of exit nodes means that when I ban one IP I
> may ban a large fraction of potential Tor traffic, that's possible. But
> very little of that Tor traffic is people coming to my blog. I read a
> paper -- now several years old -- that suggested more than half the
> traffic was involved in Tor tunnels used to exchange bit Torrent traffic.
Problem is, no one really can tell.
> >If there a reason you block for several days? I don't see how that
> >would help much. As opposed to not directly blocking but instead
> >reversing source and destination address in packets coming from
> >such IPs. :-)
>
> Yes. I block for days because blocking for hours is insufficient to solve
> the problem. The script-kiddie programs the script to come back and it
> likely will as soon as an IP is blocked. Even if the script-kiddie isn't
> specifically interested in my blog, they still seems to write these things
> to behave like "The Terminator" from the movie.
>
> I don't know why you think blocking won't "help much".
I spoke of the 'for days'. I don't see why blocking the script kiddie
again for an hour when he reappears wouldn't equally help.
...
> I don't understand what precisely you are proposing by this "not directly
> blocking but instead
> reversing source and destination address in packets coming from
> such IPs. :-)", nor what the smilie is intended to convey in that
> statement.
Just think what would happen if you did. (I got that idea watching the
sustained and stuipd ssh login attacks.)
...
> As it happens: when I block an IP at Cloudflare, the packets don't arrive
> at my server. I can't reverse packets and send them back. Blocking the
> IP that has been sucking my server resources in these pesky "not attacks"
> is quick, simple and it prevents bots from crashing my server as a result
> of their "not attack" behaviors.
Seriously, what kind of 404 page do you have that can't handle requests
at line speed?
...
> vulnerabilities and so on from wreaking havoc on a server. Because the
> smiley may seem friendly, but it really doesn't clarify the otherwise
> rather vague suggestion.
No; if you can't figure out what's funny about the suggestion, I won't
go explain the joke (further).
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-talk
mailing list