Re: [Full-disclosure] Tool Release - Tor Blocker



Inline...

On 6/2/06, Jason Areff <hailtheczar@xxxxxxxxx> wrote:
It has come to our attention that the majority of tor users are not actually
from China but are rather malicious hackers that (ab)use it to keep their
anonymity.

Really? I'm curious where you got those statistics. Are you saying
that you broke the anonymity of tor and were able to track down users
to their actual location? Or are you just making assumptions based on
your limited experience and a few unverified emails?

[snip]

Otherwise this puts the administrator in responsibility for
any malicious actions caused by said user. Forensics is left with a tor exit
node.

As others have mentioned, wouldn't it just be a lot easier to secure
your server in the first place rather than worrying about who to
prosecute after the fact? What are you going to do when you figure
out the guy who hacked your box is a 13 yr old kid in Russia or China?
In my experience, you're really missing the boat when it comes to
securing your systems.

[snip]

To mitigate most tor attackers we've written an Apache module designed to
give tor users a 403 error when visiting a specific website. We suggest all
administrators who do not wish a malicious tor user to visit and possibly
deface their website to enable the usage of this module.

Your module doesn't actually make a determination between "malicious"
and "legitimate" users of tor. From where I come from, we call this
"throwing the baby out with the bath water".

This may not get
all attackers, but hopefully it raises the security bar just a little bit
more to safeguard ourselves from hackers.

As others have mentioned, your code has a variety of flaws. Assuming
you fix the others, I would also recommend you only list actual Tor
exit nodes rather than all nodes (which include 'middle-man nodes'
which don't allow people to connect to external services). Middle-man
nodes pose no risk to you or your servers.

Jason Areff
CISSP, A+, MCSE, Security+


----------
security through obscurity isnt security
----------

Heh. I find your .sig rather ironic.

--
Aaron Turner
http://synfin.net/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
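
The distinction drawn in the reply above, listing only relays that can actually exit to your service rather than every relay, can be sketched as follows. This is an added example, not code from the original post or from the module under discussion; it assumes the relay list is in Tor's network-status consensus format (`r` and `p` lines), and the sample excerpt is constructed, with placeholder identities and documentation-range addresses.

```python
# Constructed consensus excerpt (not real relay data).
# "r" line: nickname identity digest date time IP ORPort DirPort
# "p" line: summary of the relay's exit policy by port
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 192.0.2.10 9001 0
s Fast Running Stable Valid
p reject 1-65535
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 198.51.100.20 443 80
s Exit Fast Running Valid
p accept 80,443,8000-8100
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2024-01-01 00:00:00 203.0.113.30 9001 0
s Running Valid
p reject 80,443
"""


def policy_allows(policy, port):
    """policy is the text after 'p ', e.g. 'accept 80,443' or 'reject 25,119'."""
    verdict, _, ports = policy.partition(" ")
    listed = False
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            listed = True
            break
    # 'accept' lists the ports allowed; 'reject' lists the ports refused.
    return listed if verdict == "accept" else not listed


def exit_addresses(consensus, port):
    """Return addresses of relays whose policy summary permits exiting to `port`."""
    exits = set()
    addr = None
    for line in consensus.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            addr = rest.split()[5]          # sixth field after 'r' is the IP
        elif kind == "p" and addr and policy_allows(rest, port):
            exits.add(addr)
    return exits


if __name__ == "__main__":
    print(sorted(exit_addresses(SAMPLE_CONSENSUS, 80)))
```

The middle-man relay (`p reject 1-65535`) never appears in the result, whatever port is asked for. The address on the `r` line is the relay's advertised OR address, which can differ from the address its exit traffic comes from.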


