Would
it be a big think to ask that you try to get along?
Steven: hardcoding tor node IP's into a module, blocking tor as a
means of security is weird I agree but cussing and flaming never
helped anybody - I've read other replies in the thread that were a lot more
useful than 'clueless fucking dork, learn to code', etc.
Jason:
'protecting' only apache, from only a certain list of 'proxies' will not leave
your network more secure than it was when they rooted it. Shouldn't you be
concerned about how they got in? Do you already know ? If not, shouldn't you be
looking for that? If you do know, was it something out-of-the-ordinary? Maybe if
you posted THAT, it would have made more sense than trying to get people to
install some 3rd party apache module to block a number of IP's that might not be
on the net a week later. Or was it NOT something-out-of-the-ordinary? In
that case, for example, some buggy PHP exploited, safe_mode being turned off,
and whatnot - then you should be REALLY taking some basic security
measures - otherwise, your tor blocking attempt is exactly what your signature
says: 'security through obscurity'.
As a
finish, let me quote from the tor FAQ
8.4. You should hide the list of Tor servers, so people can't block the exits.
There are a few reasons we don't:
-
We can't help but make the information available, since Tor clients need to use it, so if the "blockers" want it, they can get it anyway.
-
If people want to block us, we believe that they should be allowed to do so. Obviously, we would prefer for everybody to allow Tor users to connect to them, but people have the right to decide who their services should allow connections from, and if they want to block anonymous users, they can.
-
Being blockable also has tactical advantages: it may be a persuasive response to website maintainers who feel threatened by Tor. Giving them the option may inspire them to stop and think about whether they really want to eliminate private access to their system, and if not, what other options they might have. The time they might otherwise have spent blocking Tor, they may instead spend rethinking their overall approach to privacy and anonymity.
-----Original Message-----Those acronoyms prove that I know more than you apparently. Way to demonstrate your l33t hax0r skills.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 11:28 PM
To: Steven Rakick
Cc: [email protected]
Subject: Re: [Full-disclosure] Tool Release - Tor Blocker
Jason Areff
CISSP, A+, MCSE, Security+ == Better than Steven Rakick
----------
security through obscurity isnt security
----------
On 6/3/06, Steven Rakick <[EMAIL PROTECTED]> wrote:Here's an idea. Remove those lame ass fucking acronyms
from your signature you clueless fucking dork.
Oh, and learn how to code you before you start posting
like you're all that.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On
Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 10:32 AM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: [Full-disclosure] Tool Release - Tor
Blocker
It is really unfortunate that most people that replied
to this feel the need to be haughty in their
responses. I was simply trying to create a tool to
give back to the community. Our servers were
comprimised by a tor user and I saw the need to do my
best to blacklist such users. If this is not your
need, then please respond to me personally with any
suggestions you may have, but do not start a public
flame war like you are attempting.
Jason Areff
CISSP, A+, MCSE, Security+
----------
security through obscurity isnt security
----------
On 6/3/06, [EMAIL PROTECTED]
<[EMAIL PROTECTED] > wrote:
On Fri, 02 Jun 2006 23:47:38 CDT, str0ke said:
> Umm what about the new ip addresses that are added
to the tor network?
>
>
http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1
Ahh.. there we go. Now a wget of that every once in a
while, and a little
bit of Perl kung-foo to build an 'addrs.h' file that
gets #include'ed and
then rebuild the module, and we're getting closer. ;)
(And don't forget to throw out any alleged exit
addresses in your own
address space, and any other addresses you really
don't want to block.
It's embarassing when a clever hacker uses your own
security routines to
DoS you ;)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
