North American Network Operators Group
Re: Tor and network security/administration
Jeremy Chadwick wrote:
On Wed, Jun 21, 2006 at 05:02:47PM -0400, Todd Vierling wrote:
..and that is also the reason why SORBS and Tor have been at loggerheads... This think that their answer addresses SORBS' position from their Abuse FAQ ( http://tor.eff.org/faq-abuse.html.en ):
SORBS is putting some Tor server IPs on their email blacklist as well. They do this because they passively detect whether your server connects to certain IRC networks, and they conclude from this that your server is capable of spamming. We tried to work with them to teach them that not all software works this way, but we have given up. We recommend you avoid them, and teach your friends (if they use them) to avoid abusive blacklists too <http://paulgraham.com/spamhausblacklist.html>.
Of course SORBS' position is actually this - if you are allowing Trojan traffic over the Tor network you will get listed (regardless of whether the Trojans can talk to port 25 or not).... Considering they were told that, it shows the lack of concern, respect, intelligence or netiquette for such issues. The new SORBS DB (coming soon) will include a Tor DNSbl (like the AHBL's) where administrators of services can choose to block this type of traffic.
Our response to people whilst Tor is "That's what you get for using Tor, if you must use Tor we recommend moving it to a server/IP that is not used for anything important and getting a good lawyer."
"You can't" doesn't make for a very practical solution, by the way.
I actually know of someone who was caught trying to brute force an ISP's SSH server - he blamed it on Tor - that didn't stop legal action and getting his connection terminated. (Sorry I am not permitted to give details of who or which ISP - so don't ask) - I don't know whether he was the responsible party or not, but I do know he has had several accounts terminated for similar 'suspect' activity. He continues to run a Tor node.
I don't know about the rest of the folks on NANOG, but telling a
AFAIK nor here (Australia) nor in the UK - if the traffic is seen to be coming from your machine *you* are responsible unless *you* can show the traffic was generated by someone else. i.e. you cannot say 'sorry officer it was not me it was my machine' you have to be able to say (and prove), 'sorry officer it was not me it was someone else, I don't know who, but here is the information about the next step back to the source so that you can continue your investigation.' (same as speeding tickets - you can't just say "I wasn't driving" - you have to either say 'x was driving' or "It wasn't me, I don't know who was driving but I lent the car to x you should ask them.")
...and for what it's worth, I have no problems with anonymous networks for idealistic reasons, however they are always abused, they will continue to be abused, Tor is being abused, and I should be able to allow or deny traffic into my networks as I see fit....
All of my discussions with Tor people have indicated [they] do not think I should have the right to deny traffic based on IP address, and that I should find other methods of authenticating traffic into my networks.