North American Network Operators Group


Re: Tor and network security/administration

  • From: Kevin Day
  • Date: Wed Jun 21 18:43:35 2006

On Jun 21, 2006, at 4:08 PM, Todd Vierling wrote:

> On 6/21/06, Kevin Day wrote:
>> Failing that, having an exit node look at HTTP headers back from the
>> server that contained a "X-No-Anonymous" header to say that the host
>> at that IP shouldn't allow Tor to use it would work.
>
> What's to stop one or more exit node operators from hacking such a
> check right back out of the code?

Nothing, but it's the same nothing that stops me from just blocking all Tor exit nodes at the border.

If they showed a little bit of responsibility and allowed other people to make the decision if they wanted to deal with anonymous users or not, I'd be more than willing not to ban the whole lot of them.

Areas where there already is no expectation of anonymity don't allow you to hide your identity in the "real world", so I'm not sure why there is the notion that it's a right on the internet. Try applying for a credit card anonymously, or cashing a check in a bank wearing a ski mask and refusing to show any ID.

I realize fighting open proxies (even ones like this that aren't the result of being trojaned/backdoored) is a losing battle, but the sheer ease in ANYONE being able to click "Give me a new identity" with Tor has really invited the masses to start playing with credit card fraud at a level I hadn't seen before. I'm willing to bet others are experiencing the same thing, but just don't realize they are because they're unfamiliar with Tor and don't know where to look.

On top of all of that, I fully understand that the authors of Tor would have no desire to add such a feature. Their users are the end users, and placating pissy network operators gives them no benefit. All I can say is that if we had a better way of detecting Tor nodes automatically, and making policy decisions based around that fact, we'd be less likely to flat out ban them all.

On Jun 21, 2006, at 4:53 PM, Jeremy Chadwick wrote:

> I'm also left wondering something else, based on the "Legalities"
> Tor page.  The justification seems to be that because no one's ever
> been sued for using Tor to, say, perform illegitimate transactions
> (Kevin's examples) or hack a server somewhere (via SSH or some other
> open service), that somehow "that speaks for itself".
>
> I don't know about the rest of the folks on NANOG, but telling a
> court "I run the Tor service by choice, but the packets that come
> out of my box aren't my responsibility", paraphrased, isn't going
> to save you from prison time (at least here in the US).  Your box,
> your network port, your responsibility: period.

We had a sheriff in a small town in Alabama quite ready to test that theory at one point. A Tor exit node was used to purchase several hundred dollars of services on a 75-year-old woman's credit card that had never used a computer in her life. It took a LOT of explaining, but after he and the county DA understood what Tor was about, they were completely willing to bring charges against the owner of the IP of the exit node. The credit card holder, however, asked that they drop the matter, so it never went anywhere. I would have been very curious to see how it turned out though.

On Jun 21, 2006, at 5:18 PM, Steve Atkins wrote:

> Why bother?
>
> If the traffic is abusive, why do you care it comes from Tor? If there's
> a pattern of abusive traffic from a few hundred IP addresses, block
> those addresses. If you're particularly prone to idiots from Tor (IRC,
> say) then preemptively blocking them might be nice, but I doubt the
> number of new Tor nodes increases at a fast enough rate for it to be
> terribly interesting.

Normally if we get a lot of fraud from one user, we force all transactions inside that /24 (or whatever the BGP announcement size is) to be manually approved.

This is different because one cranky/pissed off/thieving user has control of hundreds of IPs scattered across the world. You can play whack-a-mole with them for hours, and they can keep coming back on a new IP. Each one can be a fraudulent credit card order, costing us hundreds of dollars each.

We have preemptively blocked all the Tor exit nodes we can find, but they do change at a rate fast enough that a static list isn't sufficient. Many run off cable modems out of a DHCP pool that get a new address periodically.