Tor and network security/administration

Kevin Day toasty at dragondata.com
Wed Jun 21 22:42:47 UTC 2006



On Jun 21, 2006, at 4:08 PM, Todd Vierling wrote:

> On 6/21/06, Kevin Day <toasty at dragondata.com> wrote:
>>
>> Failing that, having an exit node look at HTTP headers back from the
>> server that contained a "X-No-Anonymous" header to say that the host
>> at that IP shouldn't allow Tor to use it would work.
>
> What's to stop one or more exit node operators from hacking such a
> check right back out of the code?


Nothing, but it's the same nothing that stops me from just blocking  
all Tor exit nodes at the border.

If they showed a little bit of responsibility and allowed other  
people to make the decision if they wanted to deal with anonymous  
users or not, I'd be more than willing not to ban the whole lot of them.

Areas where there already is no expectation of anonymity don't allow
you to hide your identity in the "real world", so I'm not sure why
there is the notion that it's a right on the internet. Try applying
for a credit card anonymously, or cashing a check in a bank wearing a
ski mask and refusing to show any ID.

I realize fighting open proxies (even ones like this that aren't the
result of being trojaned/backdoored) is a losing battle, but the
sheer ease with which ANYONE can click "Give me a new identity"
in Tor has really invited the masses to start playing with credit
card fraud at a level I hadn't seen before. I'm willing to bet others
are experiencing the same thing, but just don't realize they are
because they're unfamiliar with Tor and don't know where to look.

On top of all of that, I fully understand that the authors of Tor  
would have no desire to add such a feature. Their users are the end  
users, and placating pissy network operators gives them no benefit.  
All I can say is that if we had a better way of detecting Tor nodes  
automatically, and making policy decisions based around that fact,  
we'd be less likely to flat out ban them all.


On Jun 21, 2006, at 4:53 PM, Jeremy Chadwick wrote:
>
> I'm also left wondering something else, based on the "Legalities"
> Tor page.  The justification seems to be that because no one's ever
> been sued for using Tor to, say, perform illegitimate transactions
> (Kevin's examples) or hack a server somewhere (via SSH or some other
> open service), that somehow "that speaks for itself".
>
> I don't know about the rest of the folks on NANOG, but telling a
> court "I run the Tor service by choice, but the packets that come
> out of my box aren't my responsibility", paraphrased, isn't going
> to save you from prison time (at least here in the US).  Your box,
> your network port, your responsibility: period.



We had a sheriff in a small town in Alabama quite ready to test that
theory at one point. A Tor exit node was used to purchase several
hundred dollars of services on the credit card of a 75-year-old woman
who had never used a computer in her life. It took a LOT of explaining,
but after he and the county DA understood what Tor was about, they
were completely willing to bring charges against the owner of the IP
of the exit node. The credit card holder, however, asked that they
drop the matter, so it never went anywhere. I would have been very
curious to see how it turned out though.



On Jun 21, 2006, at 5:18 PM, Steve Atkins wrote:
>
> Why bother?
>
> If the traffic is abusive, why do you care it comes from Tor? If there's
> a pattern of abusive traffic from a few hundred IP addresses, block
> those addresses. If you're particularly prone to idiots from Tor (IRC,
> say) then preemptively blocking them might be nice, but I doubt the
> number of new Tor nodes increases at a fast enough rate for it to be
> terribly interesting.


Normally if we get a lot of fraud from one user, we force all
transactions inside that /24 (or whatever the BGP announcement size
is) to be manually approved.

This is different because one cranky/pissed off/thieving user has  
control of hundreds of IPs scattered across the world. You can play  
whack-a-mole with them for hours, and they can keep coming back on a  
new IP. Each one can be a fraudulent credit card order, costing us  
hundreds of dollars each.

We have preemptively blocked all the Tor exit nodes we can find, but  
they do change at a rate fast enough that a static list isn't  
sufficient. Many run off cable modems out of a DHCP pool that get a  
new address periodically.
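[Editor's added example, not code from this thread or from the Tor project.] The screening policy Kevin describes above has three parts: block orders from currently advertised Tor exits, push orders from a /24 with recent fraud history to manual approval, and cope with exit addresses that change faster than a static list can follow. The script below implements that decision as a single function. It assumes the line format of the Tor Project's exit-list service (check.torproject.org/exit-addresses, which did not exist in this form in 2006), a snapshot constructed inline with made-up fingerprints and documentation-range addresses, a 24-hour validity window for an exit entry, and a fixed clock (SAMPLE_NOW) standing in for the real time of the check. The function names, constants and the "stale snapshot degrades to manual review" rule are the example's own choices.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample snapshot in the line format used by the Tor Project's
# exit-list service (check.torproject.org/exit-addresses). The fingerprints
# and addresses are made up for this example; they are not real relays.
SAMPLE_EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2006-06-21 20:00:00
LastStatus 2006-06-21 21:00:00
ExitAddress 203.0.113.17 2006-06-21 21:05:12
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2006-06-21 19:30:00
LastStatus 2006-06-21 21:00:00
ExitAddress 198.51.100.200 2006-06-21 20:58:40
ExitAddress 198.51.100.201 2006-06-21 21:10:03
"""

MAX_AGE = timedelta(hours=24)                 # assumed validity of an exit entry
SAMPLE_NOW = datetime(2006, 6, 22, 0, 0, 0)   # assumed clock for the example


def parse_exit_list(text):
    """Map each ExitAddress in a snapshot to the time it was last seen exiting."""
    exits = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ExitAddress":
            seen = datetime.strptime(parts[2] + " " + parts[3], "%Y-%m-%d %H:%M:%S")
            exits[ipaddress.ip_address(parts[1])] = seen
    return exits


def exit_list_is_fresh(exits, now, max_age=MAX_AGE):
    """A snapshot whose newest entry is older than max_age is stale."""
    return bool(exits) and now - max(exits.values()) <= max_age


def flag_prefix(ip, prefixlen=24):
    """Prefix to put under manual approval after fraud from one of its IPs."""
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)


def screen_transaction(client_ip, exits, flagged_prefixes, now, max_age=MAX_AGE):
    """Return 'block', 'manual_review' or 'allow' for an order from client_ip."""
    ip = ipaddress.ip_address(client_ip)
    if not exit_list_is_fresh(exits, now, max_age):
        # Exit nodes move faster than a static list can follow; if the snapshot
        # is stale an "allow" cannot be trusted, so degrade to manual review.
        return "manual_review"
    seen = exits.get(ip)
    if seen is not None and now - seen <= max_age:
        return "block"          # currently advertised Tor exit
    if any(ip in net for net in flagged_prefixes):
        return "manual_review"  # prefix with recent fraud history
    return "allow"


if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    flagged = [flag_prefix("192.0.2.77")]
    for ip in ("203.0.113.17", "192.0.2.5", "10.0.0.1"):
        print(ip, screen_transaction(ip, exits, flagged, SAMPLE_NOW))
```

In practice the snapshot would be re-fetched on a schedule and parse_exit_list called on each fetch; the freshness check is what turns a forgotten cron job into extra manual reviews rather than silently waved-through orders.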





More information about the NANOG mailing list