Tor and network security/administration

Matthew Sullivan matthew at sorbs.net
Thu Jun 22 07:37:25 UTC 2006


Lionel Elie Mamane wrote:

>On Thu, Jun 22, 2006 at 11:58:34AM +1000, Matthew Sullivan wrote:
>>Jeremy Chadwick wrote:
>>>On Wed, Jun 21, 2006 at 05:02:47PM -0400, Todd Vierling wrote:
>>>>If the point of the technology is to add a degree of anonymity,
>>>>you can be pretty sure that a marker expressly designed to state
>>>>the message "Hi, I'm anonymous!" will never be a standard feature
>>>>of said technology.  That's a pretty obvious non-starter.
>
>>>Which begs the original question of this thread which I started:
>>>with that said, how exactly does one filter this technology?
>
>>Of course SORBS' position is actually this - if you are allowing
>>Trojan traffic over the Tor network you will get listed (regardless
>>of whether the Trojans can talk to port 25 or not)....
>
>How an open proxy that will not connect to port 25 is relevant for an
>*email* blacklist is beyond me.
Perhaps because SORBS is not just an email blacklist?  Perhaps because 
it is also used for webmail and other things...

>>...and for what it's worth, I have no problems with anonymous
>>networks for idealistic reasons, however they are always abused,
>>they will continue to be abused, Tor is being abused, and I should
>>be able to allow or deny traffic into my networks as I see fit....
>
>>All of my discussions with Tor people have indicated [they] do not
>>think I should have the right to deny traffic based on IP address,
>>and that I should find other methods of authenticating traffic into
>>my networks.
>
>Isn't it rather that they think that filtering on the base of IP
>address is broken in today's Internet, even if tor didn't exist? Open
>proxies, trojans, multi-user computers, dynamic IPs, ... all this
>makes that substituting IP address for people is very, very,
>imprecise.
....and that is your opinion, which you are entitled to, others feel 
filtering by IP address is still valid and needed which is why they do 
it...  Surely they are entitled to their opinions....?

Regards,

Mat



More information about the NANOG mailing list