On 3/9/11 11:58 PM, Gregory Maxwell wrote:
> Tor currently has no facility for those users who are happy to
> have random third parties screw with their traffic to opt into it, or
> those who would want to avoid it to opt out. This means that anything
> you do to the traffic will have random inexplicable effects on tor users.
> Even if such a facility existed its use would likely reduce the
> anonymity provided by ... partitioning the userbase (is there an echo
> in here?)

Hey, I know that this is an unpopular topic and not a very politically well-accepted one, but still it seems that there is a growing interest in it. I feel like I need it, and a lot of other people would benefit from making this kind of analysis. :-)

> The tor system does have a facility for dealing with this— flagging
> the trouble nodes so that no one will use the exit at all. If you are
> lucky this is all that will be done to your node(s).

Again, that's true only if you are damaging users' traffic, and so your "filtering" doesn't break in any case:

a) don't break user traffic
b) don't break exit scanner traffic
c) break "just some kind" of more noisy and malicious/aggressive traffic

It's a matter of how things are done and with which compromise between the user's freedom, the tor anti-censorship goal, along with the need for the TOR community running TOR exit nodes to reduce the risks and increase the number of ISPs that would allow running a TOR Exit.

> If you are unlucky tor users who have been harmed by your tampering
> with their traffic may begin legal action against you, and/or people
> harmed by traffic exiting your node may argue that your traffic
> tampering has deprived you of any applicable legal protections as a
> neutral service provider...

Let's make an example: if I am an ISP doing server hosting, as demonstrated by several server disconnections due to portscans, I have some sensors to detect "very common and very aggressive attack activity" even if I am a neutral service provider. My goal is to detect serious anomaly conditions that are putting "my infrastructure" at risk (like, for example, heavy portscans getting out from my infrastructure).

So, as an ISP, to protect my other users in being a "neutral service provider", I will try to act to prevent heavy portscans/attacks from disrupting my credibility with respect to the environment.

That means that even being a "neutral service provider", to protect "other users" and provide the "service continuity", you would be doing "only good" to detect and filter "heavy, clear and malicious attacks". That would not break any non-clearly-malicious TOR user's activity and would not break any exit scanner.

Look at this from this kind of perspective, for the good of everyone, without a Taliban's approach :-)

Cheers

-naif
http://infosecurity.ch
