sure, there's a lot of legitimate tor users out there. but tor is a free<br>community supported proxy chain. an attacker can use this great tool<br>in their attacks in order to keep themselves hidden. a security<br>minded administrator would probably not want a user to visit their site
<br>and remain hidden. why if i being interested in protecting my website <br>would i want to allow a valid or invalid user to visit my website?<br>do we want a proxy chain for an attacker even tho it has valid reasons<br>
for usage?<br><br>there's probably a much better way to accomplish what jason areff<br>is wanting to do. but this is a start. and i see where he's coming from.<br>and sure, his code my suck...but hey. he's an administrator, not a coder. ;-)
<br><br>jason, rather than blacklisting like that, there might be a better way. you<br>might have to look at how tor works though.<br><br><div><span class="gmail_quote"> <b class="gmail_sendername">Tonnerre Lombard</b> <
<a href="mailto:tonnerre.lombard@sygroup.ch">tonnerre.lombard@sygroup.ch</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Salut,<br><br>On Sat, 2006-06-03 at 00:21 -0400, Jason Areff wrote:<br>> It has come to our attention that the majority of tor users are not<br>> actually from china but are rather malicious hackers that (ab)use it<br>
> to keep their anonymity.<br><br>At this point, I would like to ask you not to use this tool in the wild.<br>There is a whole lot of legitimate Tor users out there, and there are<br>enough reasons to use Tor for purposes other than splatting other
<br>machines. For example (those applicable to me):<br><br> * When I'm in the European Parliament, Tor is one of the only methods<br> other than a VPN on port 80 to actually get traffic in and out. This<br> again is helpful to have live communication of decisions/debates and
<br> to interact in a sensible way.<br> * When I'm in the European Union, I don't want to be a suspected<br> terrorist because I talk to my friends in Pakistan, Israel, Brazil,<br> Honduras, Cuba etc. (about the latest NetBSD development etc. by the
<br> way)<br> * Some of my security research usually gets me on the black lists of<br> some federal police blah etc. because they consider everyone<br> searching for that a terrorist. Yet I do it mostly to be up to date
<br> on certain developments in terms of security.<br><br>There are many more reasons which I also wrote a number of articles<br>about in various magazines and on various websites. There are a couple<br>of abusers of Tor, for sure. But by blocking them, you are also
<br>preventing us from making legal use of this nice tool. And it really is<br>a nice tool.<br><br>Another thing to consider is:<br><br>Most of the attacks on your server are coming from the Internet, just<br>like a lot of SPAM, port scans, etc. There is little legitimate traffic,
<br>as opposed to the local network where a lot of employees and backup<br>servers etc. are doing their work and nearly 80% of the traffic are<br>actually legitimate. Why not block the Internet then? Most of the time<br>you don't get the bastard spamass anyway.
<br><br> Tonnerre<br>--<br>SyGroup GmbH<br>Tonnerre Lombard<br><br>Loesungen mit System<br>Tel:+41 61 333 80 33 Roeschenzerstrasse 9<br>Fax:+41 61 383 14 67 4153 Reinach<br>Web:<a href="http://www.sygroup.ch">
www.sygroup.ch</a> <a href="mailto:tonnerre.lombard@sygroup.ch">tonnerre.lombard@sygroup.ch</a><br><br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.3 (NetBSD)<br><br>iQIVAwUARIFw1+1mMGan/TnWAQKI7BAApf0KjQbKSxXgAtQPU2bYAKMMw++FdsHS
<br>YYEXdhPEwEmCcaVoUTG/u0PPBMxM8QlKyN8d0yb9v9C/RCQWK+UwJqx817/60rPJ<br>QZE1I8wLRjCYnpTzvDd29KCSR810683qO1uPZiybjku353ipfrMjqFor3XrptV4b<br>ncgCM/6hdAs23TkDWxv+3fxhjYs0fPQG8ynxvlQ3TV0JvhrT8vQoFzsLZg8xqsJj<br>dEY4WyDYBQgKB05GuB4/gixT2uiqN0IvVp4L7hrcsOD1y8KCIdtfz+IE5T/qKmQZ
<br>tYXbGoduVWh5RjUozaiwxhl6s1YXydwxJgcCSMojBac5yZY1eExIXmXsrknv0CN/<br>PQ16iZuZZatDCTP5hCPJe9ezlUuoHqyHp7vzdWhW3vV/O/mzGN1rb0EJ7bpGneUV<br>CcrDFhsN5jvGVD8y8wGuXJM6tsCGfjUYdkOlXDVwLOiEk7bft+fD1n/H5lA/8B7v<br>OgnQvQ8s3T6wS1yzUiGkeOdklaBh+dJiwox6ru5ITx+b6ewMj683gv1rT1SKHoW1
<br>gkMSU2o6ujTTRvT4HOZP/nGpZ7aDmn9v3QGNmLmyEBBD8NqokujHJyn47EQeitBI<br>tg7rKVyEBpR0TP+0Ua9aS8fKSCYyb4O3SF8hFbQR9kyuIA3EV6vVIFkYJOlrUdsY<br>IWZ9AI3S4k0=<br>=fDmB<br>-----END PGP SIGNATURE-----<br><br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">
http://secunia.com/</a><br><br></blockquote></div><br>