subject:"Re\: \[tor\-relays\] Filter Tor Exit Node for blatant attacks on servers"

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Tristan

Some thoughts about "bad press," when was the last time you saw an article
about how awesome Siri is? Or read a review on how good a restaurant is? Or
anything good about anything on the Internet?

People like to complain, and use the Internet to do it. Just look at
Twitter. "Bad press" happens because nobody wants to hear boring news about
people needing Tor because of oppressing government or what have you.

Let's be honest. Gossip is much more fun when you find some dirt. It just
so happens that Tor's services are a good place to attract such dirt.

It takes a single drop of dye to color a glass of water.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Moritz Bartl

On 06/13/2016 12:53 AM, Dr Gerard Bulger wrote:
> TORRC.   If I can do that why is it reprehensible in TOR lore to attempt
> something more subtle and pre-emptive?

Because you're introducing defects into the network. A client has no way
of knowing what happens, and there is no way of identifying "malicious
traffic" reliably. What does malicious even mean. Plus the legal
implications, the "you're the network layer passing data because that's
the definition of the Internet" argument, etc etc.

> Of course much internet traffic is repugnant, but Tor attracts a higher
> proportion. 

How do you know that? You don't. When I talk to "regular" ISPs and
access providers, they also see a lot of abuse. It used to be case until
recently that a lot of access providers in Germany did not store which
of their users was using a particular IP, so they also couldn't do much
about it. Same with all the VPN providers.

> Tor is being strangled by the abuse.

You say that. I say it's not. If your ISP does not like that you cannot
do more than block destinations or ports, then find another.

> other attacks on servers that could be blocked of hindered.  Tor is
> getting a bad press and law makers respond impetuously to make bad laws
> making matters worse.   

Tor is getting bad press because it does not have a magic filter that
filters bad traffic. Okay. It does not get bad press because it is not
using any existing filters that you seem to be proposing.

More specifically, which events and types of traffic would you plan to
filter, and how? Have you looked at the capabilities of these types of
systems?

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Dr Gerard Bulger

There is a moral problem to know that the service you are running as an exit, 
for the sake of the mythical T-shirt, internet freedom and lack of censorship, 
is being abused to such an extent.   I increased my exit speed from 2.5mbs to 
5mbs and rose up the exit rankings such that abuse emails went from one every 
two months to 2-3 a day.  Some serious, many were automated crap where I wanted 
to tell the wimps to get a grip and welcome to the internet.

When tapped on the shoulder by the ISP which is pointing out obvious abuse and 
attacks coming from my exit IP, it’s not enough to shrug my shoulders and claim 
overall good of TOR.   All I can do is block the offended IP address after the 
event (without consent).  I can do that in TORRC.   If I can do that why is it 
reprehensible in TOR lore to attempt something more subtle and pre-emptive? 

Of course much internet traffic is repugnant, but Tor attracts a higher 
proportion. Tor is being strangled by the abuse. It is the login and other 
attacks on servers that could be blocked of hindered.  Tor is getting a bad 
press and law makers respond impetuously to make bad laws making matters worse. 

Gerry   

From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of 
Jonathan Baker-Bates
Sent: 12 June 2016 21:01
To: tor-relays <tor-relays@lists.torproject.org>
Subject: Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

In the past when I've tried thinking about this it has been too fraught with 
moral hazard for me. Morally, Tor is about keeping private communications 
private, in the hope that more good than bad will come of it. 

On 12 Jun 2016 8:40 p.m., "Dr Gerard Bulger" <ger...@bulger.co.uk 
<mailto:ger...@bulger.co.uk> > wrote:

Not sure eavesdrop is the right word, since ISPs throttle all sorts of traffic 
by inspecting it such as torrent, let alone TOR.   I suppose we could argue 
that in signing up for an internet connection, deep in the ISP’s small print, 
we consent to that behaviour.  Is it really true that consent has to be sought 
by every router on the way?

Inspecting packets for obvious things like denial of service attacks and brute 
force logins would seem very legitimate to me and I doubt that the law would be 
such an ass, since we cannot gain consent. 

I know there is a fine line but looking at how packets are behaving and looking 
for repetitive logins is not the same as watching the content and censoring 
that.  Then an exit node could only inspect what EXITS onto the internet.

Gerry  

From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org 
<mailto:tor-relays-boun...@lists.torproject.org> ] On Behalf Of Gareth Llewellyn
Sent: 12 June 2016 18:38
To: tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> 
Subject: Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates" <jonat...@bakerbates.com 
<mailto:jonat...@bakerbates.com> > wrote:
> But along the way I asked some others about the legal implications of doing 
> what the ISP had asked. The rough consensus was that in the UK at least, I 
> would only be able to evesdrop on traffic once consent had been given by 
> those being monitored. Otherwise I'd be illegally wiretapping and open to 
> prosecution. But it was far from clear what would happen if somebody took me 
> a court!
>

Indeed the Regulation of Investigatory Powers Act 2000 and the Investigatory 
Powers Bill contain offences relating to surveillance of traffic without a 
warrant / permission etc. (Caveats etc apply)

> On 12 June 2016 at 16:12, Dr Gerard Bulger <ger...@bulger.co.uk 
> <mailto:ger...@bulger.co.uk> > wrote:
>> Once TOR
>> exits attempts any filtering where would it stop?   It is a slippery slope.

FWIW one of the reasons we have the "pirate" blocks (in the UK) is that the 
High Court Judge (Hon. justice Arnold) in the case was informed that the ISPs 
in question had the ability to block sites (e.g. Cleanfeed) therefore it was 
possible for them to block more.

Had this ISP level censorship technology not existed then we wouldn't be in 
*quite* the situation we are now.

>> It is more than embarrassing to run an exit node and get abuse complaints
>> about persistent and repeated attacks on an IP. The intent is clearly
>> criminal.  VPS providers in the UK are increasing intolerant in receiving
>> such complaints.  The whole VPS can be closed down by the ISP/VPS provider
>> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to install
>> an exit node at all.

This is one of the reasons why I started a UK ISP (AS28715) - I now run UK 
exits and don't have issues with them getting shutdown because the ISP got cold 
feet / got bored of

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Moritz Bartl

On 06/12/2016 09:39 PM, Dr Gerard Bulger wrote:
> Not sure eavesdrop is the right word, since ISPs throttle all sorts of
> traffic by inspecting it such as torrent, let alone TOR.

Even that is highly controversial, and several countries have tried to
develop "net neutrality" laws to stop it.

And obviously throttling, or prioritization of certain types of data, is
different.

The other difference is that you can detect torrent traffic by looking
at some level of "meta data", whereas most attacks require you to look
at "content", too.

> could argue that in signing up for an internet connection, deep in the
> ISP’s small print, we consent to that behaviour.  Is it really true that
> consent has to be sought by every router on the way?

The customer has a contract relationship with its access provider. And
access providers have contracts with other transit/peering providers.

Also, most "attack prevention" mechanisms that I know of require more
than just "you run it and it will magically filter bad traffic". Also,
what if I want to portscan my own network over Tor? There's a lot of
legitimate research and analysis I can think of that will trigger simple
filter mechanisms.

Yes, it makes finding ISPs for exits harder, but certainly not
impossible. If everyone who on this list has thought about content
filtering and blocking would instead spend some time researching ISPs
and adding options to the GoodBadISPs wiki, there would be enough to
pick from. It does not take too long to find 50 support email addresses
of hosters, and mass mail them to ask whether they offer WHOIS reassignment.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Jonathan Baker-Bates

In the past when I've tried thinking about this it has been too fraught
with moral hazard for me. Morally, Tor is about keeping private
communications private, in the hope that more good than bad will come of
it.
On 12 Jun 2016 8:40 p.m., "Dr Gerard Bulger" <ger...@bulger.co.uk> wrote:

> Not sure eavesdrop is the right word, since ISPs throttle all sorts of
> traffic by inspecting it such as torrent, let alone TOR.   I suppose we
> could argue that in signing up for an internet connection, deep in the
> ISP’s small print, we consent to that behaviour.  Is it really true that
> consent has to be sought by every router on the way?
>
>
>
> Inspecting packets for obvious things like denial of service attacks and
> brute force logins would seem very legitimate to me and I doubt that the
> law would be such an ass, since we cannot gain consent.
>
>
>
> I know there is a fine line but looking at how packets are behaving and
> looking for repetitive logins is not the same as watching the content and
> censoring that.  Then an exit node could only inspect what EXITS onto the
> internet.
>
>
>
> Gerry
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *From:* tor-relays [mailto:tor-relays-boun...@lists.torproject.org] *On
> Behalf Of *Gareth Llewellyn
> *Sent:* 12 June 2016 18:38
> *To:* tor-relays@lists.torproject.org
> *Subject:* Re: [tor-relays] Filter Tor Exit Node for blatant attacks on
> servers
>
>
>
> On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates" <jonat...@bakerbates.com>
> wrote:
> > But along the way I asked some others about the legal implications of
> doing what the ISP had asked. The rough consensus was that in the UK at
> least, I would only be able to evesdrop on traffic once consent had been
> given by those being monitored. Otherwise I'd be illegally wiretapping and
> open to prosecution. But it was far from clear what would happen if
> somebody took me a court!
> >
>
> Indeed the Regulation of Investigatory Powers Act 2000 and the
> Investigatory Powers Bill contain offences relating to surveillance of
> traffic without a warrant / permission etc. (Caveats etc apply)
>
> > On 12 June 2016 at 16:12, Dr Gerard Bulger <ger...@bulger.co.uk> wrote:
> >> Once TOR
> >> exits attempts any filtering where would it stop?   It is a slippery
> slope.
>
> FWIW one of the reasons we have the "pirate" blocks (in the UK) is that
> the High Court Judge (Hon. justice Arnold) in the case was informed that
> the ISPs in question had the ability to block sites (e.g. Cleanfeed)
> therefore it was possible for them to block more.
>
> Had this ISP level censorship technology not existed then we wouldn't be
> in *quite* the situation we are now.
>
> >> It is more than embarrassing to run an exit node and get abuse
> complaints
> >> about persistent and repeated attacks on an IP. The intent is clearly
> >> criminal.  VPS providers in the UK are increasing intolerant in
> receiving
> >> such complaints.  The whole VPS can be closed down by the ISP/VPS
> provider
> >> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to
> install
> >> an exit node at all.
>
> This is one of the reasons why I started a UK ISP (AS28715) - I now run UK
> exits and don't have issues with them getting shutdown because the ISP got
> cold feet / got bored of abuse emails / complaints from other customers
> (entire /24 blocked by anti-tor blacklists) etc etc.
>
> Good ISPs don't deploy web filtering, transparent proxies or IDS' that
> interfere with traffic. IMHO well behaved Tor Exits shouldn't either.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Dr Gerard Bulger

Not sure eavesdrop is the right word, since ISPs throttle all sorts of traffic 
by inspecting it such as torrent, let alone TOR.   I suppose we could argue 
that in signing up for an internet connection, deep in the ISP’s small print, 
we consent to that behaviour.  Is it really true that consent has to be sought 
by every router on the way?

Inspecting packets for obvious things like denial of service attacks and brute 
force logins would seem very legitimate to me and I doubt that the law would be 
such an ass, since we cannot gain consent. 

I know there is a fine line but looking at how packets are behaving and looking 
for repetitive logins is not the same as watching the content and censoring 
that.  Then an exit node could only inspect what EXITS onto the internet.

Gerry  

From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of 
Gareth Llewellyn
Sent: 12 June 2016 18:38
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates" <jonat...@bakerbates.com 
<mailto:jonat...@bakerbates.com> > wrote:
> But along the way I asked some others about the legal implications of doing 
> what the ISP had asked. The rough consensus was that in the UK at least, I 
> would only be able to evesdrop on traffic once consent had been given by 
> those being monitored. Otherwise I'd be illegally wiretapping and open to 
> prosecution. But it was far from clear what would happen if somebody took me 
> a court!
>

Indeed the Regulation of Investigatory Powers Act 2000 and the Investigatory 
Powers Bill contain offences relating to surveillance of traffic without a 
warrant / permission etc. (Caveats etc apply)

> On 12 June 2016 at 16:12, Dr Gerard Bulger <ger...@bulger.co.uk 
> <mailto:ger...@bulger.co.uk> > wrote:
>> Once TOR
>> exits attempts any filtering where would it stop?   It is a slippery slope.

FWIW one of the reasons we have the "pirate" blocks (in the UK) is that the 
High Court Judge (Hon. justice Arnold) in the case was informed that the ISPs 
in question had the ability to block sites (e.g. Cleanfeed) therefore it was 
possible for them to block more.

Had this ISP level censorship technology not existed then we wouldn't be in 
*quite* the situation we are now.

>> It is more than embarrassing to run an exit node and get abuse complaints
>> about persistent and repeated attacks on an IP. The intent is clearly
>> criminal.  VPS providers in the UK are increasing intolerant in receiving
>> such complaints.  The whole VPS can be closed down by the ISP/VPS provider
>> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to install
>> an exit node at all.

This is one of the reasons why I started a UK ISP (AS28715) - I now run UK 
exits and don't have issues with them getting shutdown because the ISP got cold 
feet / got bored of abuse emails / complaints from other customers (entire /24 
blocked by anti-tor blacklists) etc etc.

Good ISPs don't deploy web filtering, transparent proxies or IDS' that 
interfere with traffic. IMHO well behaved Tor Exits shouldn't either.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

2016-06-12 Thread Gareth Llewellyn

On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates" 
wrote:
> But along the way I asked some others about the legal implications of
doing what the ISP had asked. The rough consensus was that in the UK at
least, I would only be able to evesdrop on traffic once consent had been
given by those being monitored. Otherwise I'd be illegally wiretapping and
open to prosecution. But it was far from clear what would happen if
somebody took me a court!
>

Indeed the Regulation of Investigatory Powers Act 2000 and the
Investigatory Powers Bill contain offences relating to surveillance of
traffic without a warrant / permission etc. (Caveats etc apply)

> On 12 June 2016 at 16:12, Dr Gerard Bulger  wrote:
>> Once TOR
>> exits attempts any filtering where would it stop?   It is a slippery
slope.

FWIW one of the reasons we have the "pirate" blocks (in the UK) is that the
High Court Judge (Hon. justice Arnold) in the case was informed that the
ISPs in question had the ability to block sites (e.g. Cleanfeed) therefore
it was possible for them to block more.

Had this ISP level censorship technology not existed then we wouldn't be in
*quite* the situation we are now.

>> It is more than embarrassing to run an exit node and get abuse complaints
>> about persistent and repeated attacks on an IP. The intent is clearly
>> criminal.  VPS providers in the UK are increasing intolerant in receiving
>> such complaints.  The whole VPS can be closed down by the ISP/VPS
provider
>> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to
install
>> an exit node at all.

This is one of the reasons why I started a UK ISP (AS28715) - I now run UK
exits and don't have issues with them getting shutdown because the ISP got
cold feet / got bored of abuse emails / complaints from other customers
(entire /24 blocked by anti-tor blacklists) etc etc.

Good ISPs don't deploy web filtering, transparent proxies or IDS' that
interfere with traffic. IMHO well behaved Tor Exits shouldn't either.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers

7 matches

Site Navigation

Mail list logo

Footer information