North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tor and network security/administration

  • From: Lionel Elie Mamane
  • Date: Thu Jun 22 03:34:14 2006

On Thu, Jun 22, 2006 at 11:58:34AM +1000, Matthew Sullivan wrote:
> Jeremy Chadwick wrote:
>> On Wed, Jun 21, 2006 at 05:02:47PM -0400, Todd Vierling wrote:

>>> If the point of the technology is to add a degree of anonymity,
>>> you can be pretty sure that a marker expressly designed to state
>>> the message "Hi, I'm anonymous!" will never be a standard feature
>>> of said technology.  That's a pretty obvious non-starter.

>> Which begs the original question of this thread which I started:
>> with that said, how exactly does one filter this technology?

> Of course SORBS' position is actually this - if you are allowing
> Trojan traffic over the Tor network you will get listed (regardless
> of whether the Trojans can talk to port 25 or not)....

How an open proxy that will not connect to port 25 is relevant for an
*email* blacklist is beyond me.

> ...and for what it's worth, I have no problems with anonymous
> networks for idealistic reasons, however they are always abused,
> they will continue to be abused, Tor is being abused, and I should
> be able to allow or deny traffic into my networks as I see fit....

> All of my discussions with Tor people have indicated [they] do not
> think I should have the right to deny traffic based on IP address,
> and that I should find other methods of authenticating traffic into
> my networks.

Isn't it rather that they think that filtering on the base of IP
address is broken in today's Internet, even if tor didn't exist? Open
proxies, trojans, multi-user computers, dynamic IPs, ... all this
makes that substituting IP address for people is very, very,