so you're saying sacrifice the ability for a identifying legit attacker for the<br>sake of allowing privacy for the masses? okay, sure. i never really<br>cared about my data in the first place. ;-)<br><br>attackers have other ways, most definitely. but why use one of those other
<br>methods (proxying through a botnet) when you have tor already available<br>to you?<br><br>don't get me wrong by the way. i use tor all the time. and i'm a pretty<br>legit tor user if i say so myself :), but i can understand why someone would
<br>want to block it. i imagine a forensics person looks and sees a tor ip and<br>thinks "okay. i just deadended. there's nothing i can do because this is<br>a tor exit node." with a botnet, most bots can be traced back to their
<br>meeting point which is a little bit more useful.<br><br>is there an easier way for denying tor? or instead of denying, how about<br>identifying a user as being tor and then redirecting them to a page that<br>explains why a tor user isn't allowed to visit a specific website.
<br>if there's a better way to identify a tor user (malicious or not),<br>perhaps the list will benefit from it and come up with a better solution.<br><br><div><span class="gmail_quote">On 6/3/06, <b class="gmail_sendername">
Joel Jose</b> <<a href="mailto:joeljose420@gmail.com">joeljose420@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div>its not just fair game. we had discussed it in tor irc chan. ok so you just made a apache mod for the black list. tor always did and always do allow anyone to block tor users if they please. but the easiness which tor gives for the blocking must not be overused to deny tor communications even for legitimate purposes(definition vague).
</div>
<div> </div>
<div>hopefully the blacklists, apache mods.. and other methods of blocking tor are not "default" enabled. And hopefully the security cookbooks and other HOWTO's dont come with a default recommendation to enable these tor blocking modules.
</div>
<div> </div>
<div>The admin needs to be educated about tor. Ideally he must be able to decide for himself the balance betrween anonimity and performance. He should be empowered to take his own decision. An educated and well informed decision. Remember " if privacy is outlawed, only outlaws will have privacy".. and hackers have better ways to protect their privacy.. but as of today.. legitimate users dont have that luxury.. tor is thier most practical hope.
<br><br>joel.</div></div><div><span class="sg"><br>-- <br>As soon as men decide that all means are permitted to fight an<br>evil, then their good becomes indistinguishable from the evil<br>that they set out to destroy.<br>
- Christopher Dawson, The Judgment of Nations
</span></div><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
<br></blockquote></div><br>