Tor and network security/administration

Kevin Day toasty at dragondata.com
Wed Jun 21 17:58:09 UTC 2006



On Jun 21, 2006, at 12:43 PM, Lionel Elie Mamane wrote:
>
> If the proxy is not at the Tor exit node, how can the tor network
> enforce the addition of the "this connection went through tor" HTTP
> header that Kevin Day was asking for? Fundamentally, if you rely on a
> program sitting on the user's computer adding that header, then
> malevolent users can not add this header, so Kevin Day's purpose is
> not served. And that is what is being discussed here.
>


Just to chime in before this gets any further off what I meant:


I know any intermediary nodes can't inject headers into HTTPS  
connections, that kinda defeats the purpose of SSL. :)

When doing any financial transaction, before any user enters anything  
sensitive, we bounce them to an HTTP page first, then look for common  
proxy headers on that request. If none are found, they're given a  
cookie that allows them to continue on that IP only for HTTPS  
transactions for the next 15 minutes.

Failing that, having an exit node look at HTTP headers back from the  
server that contained a "X-No-Anonymous" header to say that the host  
at that IP shouldn't allow Tor to use it would work.


*Anything* would be better for Tor users if we could keep Tor abuse  
off our financial services without having to just ban all Tor IPs at  
the border. On a credit card transaction page, you have no anonymity  
anyway, since you're having to give us your credit card number, home  
address, etc. Yet, until we banned as many known Tor IPs as we could  
find from our network, Tor IPs accounted for a pretty high percentage  
of our credit card fraud, and nearly zero non-fraudulent use. Tor IPs  
had some significant (legitimate) use on some of our other sites, but  
that's gone because they're all null routed at the border now.

Tor may have some legit uses, but when it's costing us $BIGNUM in  
credit card fraud, I'm not going to spend too much time trying to  
only selectively ban it from our network.
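The pre-transaction check Kevin describes (bounce to a plain-HTTP page, look for common proxy headers, and only then hand out an IP-bound pass that is good for HTTPS for 15 minutes) can be sketched in code. The following is an added illustration, not anything from the post or from Kevin's site: the header list, the cookie layout (`ip|expiry|mac`) and the HMAC signing are my assumptions about how one would implement it. As the quoted reply points out, it only detects proxies that announce themselves in request headers, so it is a fraud-reduction heuristic rather than a proof of origin.

```python
import hashlib
import hmac
import time

# Request headers that forwarding proxies commonly add. Presence of any of
# them on the plain-HTTP probe request is treated as "came through a proxy".
# This list is an assumption; it is not from the original post.
PROXY_HEADERS = (
    "via",
    "x-forwarded-for",
    "forwarded",
    "x-real-ip",
    "proxy-connection",
)

PASS_TTL_SECONDS = 15 * 60  # the 15-minute window mentioned in the post


def proxy_headers_present(headers):
    """Return the known proxy header names found in a request (case-insensitive)."""
    lowered = {name.lower() for name in headers}
    return [h for h in PROXY_HEADERS if h in lowered]


def _sign(payload, secret):
    """HMAC-SHA256 over the cookie payload so the client cannot forge or edit it."""
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_pass(client_ip, secret, now=None):
    """Mint a cookie value 'ip|expiry|mac' bound to client_ip for PASS_TTL_SECONDS."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + PASS_TTL_SECONDS
    payload = f"{client_ip}|{expiry}"
    return f"{payload}|{_sign(payload, secret)}"


def validate_pass(cookie, client_ip, secret, now=None):
    """True only if the MAC verifies, the IP matches, and the pass has not expired."""
    now = int(time.time()) if now is None else int(now)
    try:
        ip, expiry_text, mac = cookie.split("|")
        expiry = int(expiry_text)
    except (ValueError, AttributeError):
        return False
    payload = f"{ip}|{expiry}"
    if not hmac.compare_digest(mac, _sign(payload, secret)):
        return False
    return ip == client_ip and now < expiry


def probe_request(headers, client_ip, secret, now=None):
    """What the HTTP probe page decides: issue a pass, or refuse and say why."""
    found = proxy_headers_present(headers)
    if found:
        return {"allowed": False, "reason": "proxy headers: " + ", ".join(found)}
    return {"allowed": True, "pass": issue_pass(client_ip, secret, now)}


if __name__ == "__main__":
    # Constructed sample requests; the secret and addresses are placeholders.
    secret = b"replace-with-a-real-server-secret"
    direct = {"Host": "shop.example", "User-Agent": "Mozilla/5.0"}
    proxied = {"Host": "shop.example", "Via": "1.1 cache-1", "X-Forwarded-For": "10.0.0.5"}

    print(probe_request(proxied, "203.0.113.7", secret))
    decision = probe_request(direct, "203.0.113.7", secret)
    print(decision)
    # The HTTPS side re-checks the cookie against the connecting IP on every request.
    print("same IP, fresh:", validate_pass(decision["pass"], "203.0.113.7", secret))
    print("different IP:", validate_pass(decision["pass"], "203.0.113.8", secret))
```

The pass is checked on every HTTPS request, so a cookie copied to another host fails the IP comparison, and an edited expiry fails the MAC.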

More information about the NANOG mailing list