[90863] in North American Network Operators' Group


Re: Tor and network security/administration

daemon@ATHENA.MIT.EDU (Kevin Day)
Sat Jun 17 09:49:20 2006

In-Reply-To: <20060617132902.GA56012@icarus.home.lan>
Cc: nanog@merit.edu
From: Kevin Day <toasty@dragondata.com>
Date: Sat, 17 Jun 2006 08:49:43 -0500
To: Jeremy Chadwick <nanog@jdc.parodius.com>
Errors-To: owner-nanog@merit.edu



On Jun 17, 2006, at 8:29 AM, Jeremy Chadwick wrote:

>
> Apologies if this has been brought up before.
>
> Being as I'm not a network administrator myself (although I do filter
> some stuff using pf and ipfw on my servers), I'm curious what NAs
> think of the following technology:
>
> http://tor.eff.org/overview.html.en
>
> The problem I see is that this technology will be used (literally,
> not ideally) solely for harassment (especially via IRC).  I do not
> see any other practical use for this technology other than that.
> The whole "right to privacy/anonymity" argument is legitimate, but I
> do not see people using* Tor for legitimate purposes.


We've had considerable problems with Tor.

Idiots who like to use stolen credit cards to buy things online find  
Tor a nice haven of deniability and covering their tracks. Before we  
got a little more proactive with it, about 20% of our credit card  
fraud was coming through IPs that we could confirm were Tor hosts.

I spent a few hours with a sheriff in Alabama trying to explain how  
Tor worked, why people used it, and why, even though he had an IP  
address of who used a 75-year-old woman's credit card number to spend  
a few hundred dollars on one of our client's sites, it wasn't really  
their IP.

Our IRC servers and discussion sites also have had to ban all Tor  
IPs that we've seen because of troublemakers using them to evade  
bans. Specifically because of the totally unregulated/uncontrolled  
nature of Tor, they're finding themselves banned from a great many  
things, which is probably hurting the people it was designed for.  
Because of one jerk who hopped from one Tor host to the next to get  
around IP bans on our site, all those IPs are banned now, preventing  
any legit use of Tor on any of our sites.

I don't find the anonymity a bad thing, but I would be a whole lot  
happier if the default configuration for people running Tor servers  
included an option to add HTTP headers saying that it's going through  
Tor, so we could decide if we wanted to conduct financial  
transactions with them or not.
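
An added example, not part of the message above: one way a merchant could "decide if we wanted to conduct financial transactions" without any HTTP header, by checking whether an order's source IP was a listed Tor exit around the time of the order and sending it to manual review instead of banning the address. The exit-list layout (`ExitAddress <ip> <date> <time>`), the 24-hour window, the function names, and every address and order record are assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the assumed layout of a published Tor exit-address
# list; all addresses come from documentation ranges.
EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2006-06-16 22:10:00
LastStatus 2006-06-17 01:00:00
ExitAddress 192.0.2.10 2006-06-17 01:15:00
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2006-06-10 04:00:00
LastStatus 2006-06-10 05:00:00
ExitAddress 198.51.100.7 2006-06-10 05:30:00
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_exit_list(text):
    """Return {ip: [times that address was observed as an exit]}."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ExitAddress":
            when = datetime.strptime(" ".join(parts[2:]), FMT)
            seen.setdefault(ip_address(parts[1]), []).append(when)
    return seen

def was_tor_exit(seen, ip, when, window=timedelta(hours=24)):
    """True only if ip was observed as an exit within `window` of `when`.
    Exit addresses change, so a stale listing must not taint later users."""
    return any(abs(when - t) <= window for t in seen.get(ip_address(ip), []))

def triage(orders, seen):
    """Tag each (order_id, ip, time) 'review' or 'normal'; nothing is banned."""
    return {oid: "review" if was_tor_exit(seen, ip, datetime.strptime(ts, FMT))
            else "normal" for oid, ip, ts in orders}

# Constructed order log.
ORDERS = [
    ("A1", "192.0.2.10", "2006-06-17 08:40:00"),    # exit seen hours earlier
    ("A2", "198.51.100.7", "2006-06-17 08:45:00"),  # was an exit a week ago
    ("A3", "203.0.113.5", "2006-06-17 08:50:00"),   # never listed
]

if __name__ == "__main__":
    print(triage(ORDERS, parse_exit_list(EXIT_LIST)))
```

Keeping the observation time alongside each address is also what lets a later investigation say whether a logged IP was a Tor exit at the moment of the charge.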

