Re: [tor-relays] HoneyPot?
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143

On Thu, Oct 29, 2015 at 1:22 PM, Mirimir wrote:
> Anyone know what HoneyPot was/is?
>
> https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60CA3

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] HoneyPot?
Green Dream:
> Mirimir: aside from the nickname, do you have any reason to believe it was
> out of the ordinary? The exit policy mostly only seems to allow
> non-encrypted services (80 but not 443, 143

A while ago we were actively marking nodes that only allowed non-encrypted services as BadExit, since there were no satisfactory explanations given as to why nodes should need this policy.

Back then, the most common explanation people gave was "I need the ability to block traffic that looks evil." Unfortunately, all mechanisms available to do this will also end up blocking legitimate content at some rate. Nobody was using anything more advanced than snort-style regular expressions that matched things that happened to look like exploits.

FWIW, I am personally in favor of reinstating such a policy. I doubt the situation has changed.

--
Mike Perry
Re: [tor-relays] HoneyPot?
(Oops, sorry, an errant keyboard shortcut sent the email too early.)

Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 but not 993), but that alone isn't enough to give it the BadExit flag:

https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays#Whatisabadrelay
Re: [tor-relays] HoneyPot?
On 10/29/2015 03:05 PM, Mike Perry wrote:
> Green Dream:
>> Mirimir: aside from the nickname, do you have any reason to believe it was
>> out of the ordinary? The exit policy mostly only seems to allow
>> non-encrypted services (80 but not 443, 143
>
> A while ago we were actively marking nodes that only allowed
> non-encrypted services as BadExit, since there were no satisfactory
> explanations given as to why nodes should need this policy.
>
> Back then, the most common explanation people gave was "I need the
> ability to block traffic that looks evil." Unfortunately, all mechanisms
> available to do this will also end up blocking legitimate content at
> some rate. Nobody was using anything more advanced than snort-style
> regular expressions that matched things that happened to look like
> exploits.
>
> FWIW, I am personally in favor of reinstating such a policy. I doubt the
> situation has changed.

I concur. Peeking at exit traffic violates Tor integrity, no?
Re: [tor-relays] HoneyPot?
Probably someone being cute in their naming scheme.

Nchinda^2, -0.1743*kg^6 m^4 mol s^-14, @firescar96

On Thu, Oct 29, 2015 at 4:22 PM, Mirimir wrote:
> Anyone know what HoneyPot was/is?
>
> https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60CA3
Re: [tor-relays] HoneyPot?
On 10/29/2015 02:42 PM, Green Dream wrote:
> (Oops, sorry, an errant keyboard shortcut sent the email too early.)
>
> Mirimir: aside from the nickname, do you have any reason to believe it was
> out of the ordinary? The exit policy mostly only seems to allow
> non-encrypted services (80 but not 443, 143 but not 993), but that alone
> isn't enough to give it the BadExit flag:
>
> https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays#Whatisabadrelay

I had no reason to wonder about it, except for the name. But the fact that it only seems to allow non-encrypted services is suspicious. I'm guessing that it is or was part of some research project that involves traffic interception.
Re: [tor-relays] HoneyPot?
It is the end of the month. Maybe they ran out of bandwidth and will be back 11/1. LeaseWeb over-limit rates are terrifying.

BTW the exit policy includes 443.
Re: [tor-relays] HoneyPot?
> BTW the exit policy includes 443.

My mistake. I didn't realize the policy view on Atlas is truncated.
Re: [tor-relays] HoneyPot?
Given the current state of the internet (i.e., massive warrantless spying by LEOs and packet inspection by ISPs) I cannot imagine how any TOR operator would block encrypted services and not be what most reasonable people consider a "Bad exit".

On 2015-10-29 14:05, Mike Perry wrote:
> Green Dream:
>
>> Mirimir: aside from the nickname, do you have any reason to believe it was
>> out of the ordinary? The exit policy mostly only seems to allow
>> non-encrypted services (80 but not 443, 143
>
> A while ago we were actively marking nodes that only allowed
> non-encrypted services as BadExit, since there were no satisfactory
> explanations given as to why nodes should need this policy.
>
> Back then, the most common explanation people gave was "I need the
> ability to block traffic that looks evil." Unfortunately, all mechanisms
> available to do this will also end up blocking legitimate content at
> some rate. Nobody was using anything more advanced than snort-style
> regular expressions that matched things that happened to look like
> exploits.
>
> FWIW, I am personally in favor of reinstating such a policy. I doubt the
> situation has changed.
Re: [tor-relays] HoneyPot?
> I cannot imagine how any TOR operator would block encrypted services
> and not be what most reasonable people consider a "Bad exit".

It turns out this "HoneyPot" node is NOT blocking encrypted services. They allow ports 443, 993, and other encrypted services. Unfortunately that line of the exit policy isn't displayed on Atlas. You can see the full policy on Globe:

https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA3
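
Added example, not part of the thread or of any Tor Project code: the "plaintext port allowed, encrypted counterpart rejected" check discussed above, run over a full policy summary and over a truncated view of the same policy, to show how the truncated view produces a false alarm. The policies are constructed, and the dict shape (exactly one `accept` or `reject` list of ports and port ranges) is an assumption modelled on Onionoo's `exit_policy_summary` field.

```python
"""Flag exit policies that allow a plaintext port but not its TLS counterpart."""

# Plaintext port -> TLS counterpart: the two pairs named in the thread, plus POP3.
PAIRS = {80: 443, 110: 995, 143: 993}


def parse_ranges(items):
    """Turn ["80", "989-995"] into [(80, 80), (989, 995)]."""
    ranges = []
    for item in items:
        lo, _, hi = item.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def allows(summary, port):
    """Evaluate a summary holding exactly one of an 'accept' or a 'reject' list."""
    if ("accept" in summary) == ("reject" in summary):
        raise ValueError("summary must have exactly one of 'accept' or 'reject'")
    key = "accept" if "accept" in summary else "reject"
    hit = any(lo <= port <= hi for lo, hi in parse_ranges(summary[key]))
    return hit if key == "accept" else not hit


def plaintext_only_pairs(summary):
    """Return (plaintext, tls) pairs where only the plaintext port may exit."""
    return [(p, t) for p, t in sorted(PAIRS.items())
            if allows(summary, p) and not allows(summary, t)]


# Constructed sample policy (not the HoneyPot relay's real policy).
FULL = {"accept": ["20-23", "43", "53", "79-81", "88", "110", "143", "194",
                   "220", "389", "443", "464", "531", "543-544", "554",
                   "563", "636", "706", "749", "873", "902-904", "981",
                   "989-995", "1194", "1220", "1293", "1500"]}
# What a viewer sees if only the first ten entries are on screen.
TRUNCATED = {"accept": FULL["accept"][:10]}
# A policy that really is plaintext-only, expressed in 'reject' form.
PLAINTEXT_ONLY = {"reject": ["443", "993"]}

if __name__ == "__main__":
    for name, policy in [("full", FULL), ("truncated", TRUNCATED),
                         ("plaintext-only", PLAINTEXT_ONLY)]:
        print(name, plaintext_only_pairs(policy))
```

The truncated view is flagged for every pair even though the full policy is clean, so the check is only meaningful when run against the complete policy.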
Re: [tor-relays] HoneyPot?
On 10/29/2015 05:20 PM, Green Dream wrote:
>> I cannot imagine how any TOR operator would block encrypted services
>> and not be what most reasonable people consider a "Bad exit".
>
> It turns out this "HoneyPot" node is NOT blocking encrypted services. They
> allow ports 443, 993, and other encrypted services. Unfortunately that line
> of the exit policy isn't displayed on Atlas. You can see the full policy on
> Globe:
>
> https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA3

Why does Atlas drop stuff?
Re: [tor-relays] HoneyPot?
On Thu, Oct 29, 2015 at 05:25:31PM -0600, Mirimir wrote:
> On 10/29/2015 05:20 PM, Green Dream wrote:
> > Unfortunately that line
> > of the exit policy isn't displayed on Atlas. You can see the full policy on
> > Globe:
> >
> > https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA3
>
> Why does Atlas drop stuff?

Hm? I can see the exit policy just fine on Atlas. You need to scroll down in the "IPv4 Exit Policy Summary" table.

https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60CA3

--Roger
Re: [tor-relays] HoneyPot?
On 10/29/2015 09:18 PM, Roger Dingledine wrote:
> On Thu, Oct 29, 2015 at 05:25:31PM -0600, Mirimir wrote:
>> On 10/29/2015 05:20 PM, Green Dream wrote:
>>> Unfortunately that line
>>> of the exit policy isn't displayed on Atlas. You can see the full policy on
>>> Globe:
>>>
>>> https://globe.torproject.org/#/relay/F77FD005BF74CD0B4C611389C3006452AEC60CA3
>>
>> Why does Atlas drop stuff?
>
> Hm? I can see the exit policy just fine on Atlas. You need to
> scroll down in the "IPv4 Exit Policy Summary" table.
>
> https://atlas.torproject.org/#details/F77FD005BF74CD0B4C611389C3006452AEC60CA3
>
> --Roger

Doh. Thanks :)