On Mon, Jun 14, 2010 at 10:26:59PM +0100, Al MailingList wrote:
> > How would you block connections to Shadowserver's honeypots?
>
> Why would you want to do that? The point is someone is using an exit
> node for abuse. If you just prevent abuse to a honey pot, you are just
> covering up the problem - real servers will still be the recipients of
> the abuse?

Well, it depends how much of it is actual abuse. If the only people complaining are the honeypot, that's a good argument that the honeypot is overbroad in its notion of abuse.

For example, a while ago we got to deal with SORBS's approach to Tor. They ran some honeypots on port 6667, and any addresses that connected to those honeypots got onto their spam (port 25) blacklist. They didn't know or care that Tor relays have exit policies, meaning they can allow connections to port 6667 while not allowing connections to port 25. (The result was a stand-off where SORBS declared that it hated anonymity and wanted to kill the whole idea of Tor... but that's a separate discussion. :)

More generally, your point is a good one that the Tor network would do a lot better if it generated less abuse. But from talking to the exit relay operators, they see very few abuse complaints per kilobyte handled.

Part of the challenge is that people who think anonymity can't be very popular look at the Tor network, figure it has roughly no users, see that it generates abuse complaints, and leap to the conclusion that most Tor users are abusing it. After all, if Tor is succeeding, nobody notices. And in fact Tor handles hundreds of thousands of users daily.

People reading this thread might also like reading https://www.torproject.org/faq-abuse

--Roger

