
Re: [Full-disclosure] Tool Release - Tor Blocker

Subject: Re: [Full-disclosure] Tool Release - Tor Blocker
Date: Sat, 3 Jun 2006 15:56:30 -0400
sure, there's a lot of legitimate tor users out there. but tor is a free
community supported proxy chain. an attacker can use this great tool
in their attacks in order to keep themselves hidden. a security
minded administrator would probably not want a user to visit their site
and remain hidden. why, if i am interested in protecting my website,
would i want to allow a valid or invalid user to visit my website?
do we want a proxy chain for an attacker even tho it has valid reasons
for usage?

there's probably a much better way to accomplish what jason areff
is wanting to do. but this is a start. and i see where he's coming from.
and sure, his code may suck...but hey. he's an administrator, not a coder.
;-)

jason, rather than blacklisting like that, there might be a better way. you
might have to look at how tor works though.

Tonnerre Lombard <tonnerre.lombard@sygroup.ch> wrote:

Salut,

On Sat, 2006-06-03 at 00:21 -0400, Jason Areff wrote:
> It has come to our attention that the majority of tor users are not
> actually from china but are rather malicious hackers that (ab)use it
> to keep their anonymity.

At this point, I would like to ask you not to use this tool in the wild.
There are a whole lot of legitimate Tor users out there, and there are
enough reasons to use Tor for purposes other than splatting other
machines. For example (those applicable to me):

* When I'm in the European Parliament, Tor is one of the only methods
   other than a VPN on port 80 to actually get traffic in and out. This
   again is helpful to have live communication of decisions/debates and
   to interact in a sensible way.
* When I'm in the European Union, I don't want to be a suspected
   terrorist because I talk to my friends in Pakistan, Israel, Brazil,
   Honduras, Cuba etc. (about the latest NetBSD development etc. by the
   way)
* Some of my security research usually gets me on the black lists of
   some federal police blah etc. because they consider everyone
   searching for that a terrorist. Yet I do it mostly to be up to date
   on certain developments in terms of security.

There are many more reasons which I also wrote a number of articles
about in various magazines and on various websites. There are a couple
of abusers of Tor, for sure. But by blocking them, you are also
preventing us from making legal use of this nice tool. And it really is
a nice tool.

Another thing to consider is:

Most of the attacks on your server are coming from the Internet, just
like a lot of SPAM, port scans, etc. There is little legitimate traffic,
as opposed to the local network where a lot of employees and backup
servers etc. are doing their work and nearly 80% of the traffic is
actually legitimate. Why not block the Internet then? Most of the time
you don't get the bastard spamass anyway.

                                Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach
Web:www.sygroup.ch      tonnerre.lombard@sygroup.ch




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

