[90963] in North American Network Operators' Group


Re: Tor and network security/administration

daemon@ATHENA.MIT.EDU (Lionel Elie Mamane)
Thu Jun 22 03:30:28 2006

Date: Thu, 22 Jun 2006 09:29:47 +0200
From: Lionel Elie Mamane <lionel@mamane.lu>
To: Matthew Sullivan <matthew@sorbs.net>
Cc: nanog@merit.edu
Mail-Followup-To: Matthew Sullivan <matthew@sorbs.net>,
	nanog@merit.edu
In-Reply-To: <4499F94A.30300@sorbs.net>
Errors-To: owner-nanog@merit.edu


On Thu, Jun 22, 2006 at 11:58:34AM +1000, Matthew Sullivan wrote:
> Jeremy Chadwick wrote:
>> On Wed, Jun 21, 2006 at 05:02:47PM -0400, Todd Vierling wrote:

>>> If the point of the technology is to add a degree of anonymity,
>>> you can be pretty sure that a marker expressly designed to state
>>> the message "Hi, I'm anonymous!" will never be a standard feature
>>> of said technology.  That's a pretty obvious non-starter.

>> Which begs the original question of this thread which I started:
>> with that said, how exactly does one filter this technology?

> Of course SORBS' position is actually this - if you are allowing
> Trojan traffic over the Tor network you will get listed (regardless
> of whether the Trojans can talk to port 25 or not)....

How an open proxy that will not connect to port 25 is relevant for an
*email* blacklist is beyond me.

> ...and for what it's worth, I have no problems with anonymous
> networks for idealistic reasons, however they are always abused,
> they will continue to be abused, Tor is being abused, and I should
> be able to allow or deny traffic into my networks as I see fit....

> All of my discussions with Tor people have indicated [they] do not
> think I should have the right to deny traffic based on IP address,
> and that I should find other methods of authenticating traffic into
> my networks.

Isn't it rather that they think that filtering on the basis of IP
address is broken in today's Internet, even if Tor didn't exist? Open
proxies, trojans, multi-user computers, dynamic IPs, ... all this
makes substituting IP addresses for people very, very imprecise.

-- 
Lionel
