Re: Danish TPB DNS Blocks

2009-11-26 Thread tor-operator

Flamsmark wrote:


2009/11/26 Scott Bennett benn...@cs.niu.edu
Bzzzt!!  That would eventually get an exit marked as a bad exit, too.
Why?  Because the root name servers serve only information in the root
domain and the so-called top-level domains (e.g., .com, .edu, .gov, .info,
.mil, country domains, and so on).  They are much, much too busy to act
as forwarders, so if you ask for anything that they don't serve themselves,
you will get a no answers response.


How odd. I use the root servers on my personal machine, and have never 
noticed this phenomenon. If you are correct, does DNS work? How does a 
user know which DNS servers are authoritative for other blocks?


I think Scott jumped the gun a bit.  It's true that if you use them 
directly as your authoritative resolvers (i.o.w. write them into 
/etc/resolv.conf), this doesn't work.


Writing them in as the root hints for a full featured resolver (BIND, 
dnscache, etc.) works a lot better.


Ideally, you run your own caching resolver and have every other host in 
the local site use that caching resolver, which uses the root DNS 
servers as hint servers.
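
The difference described above, between listing a root server as the resolver a stub asks and giving a full resolver the root servers as hints, shown as an added sketch that is not part of the original message. The server names, zone data and address are constructed, and the function names are hypothetical.

```python
# Constructed delegation data (not real servers): each entry either holds an
# address record for a name or delegates a suffix to another server.
SERVERS = {
    "root": {"delegations": {"org.": "org-tld"}, "records": {}},
    "org-tld": {"delegations": {"example.org.": "example-auth"}, "records": {}},
    "example-auth": {"delegations": {},
                     "records": {"www.example.org.": "192.0.2.10"}},
}
ROOT_HINTS = ["root"]  # a full resolver only needs to know where to start


def query(server, name):
    """One non-recursive query against one server."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    # Longest delegated suffix that covers the name wins.
    covering = [s for s in zone["delegations"]
                if name == s or name.endswith("." + s)]
    if covering:
        return ("referral", zone["delegations"][max(covering, key=len)])
    return ("nxdomain", None)


def stub_lookup(server, name):
    """Stub resolver behaviour: ask the configured server once, want an answer."""
    kind, value = query(server, name)
    return value if kind == "answer" else None  # referrals are not followed


def iterative_lookup(name, hints=ROOT_HINTS, max_steps=10):
    """Caching-resolver behaviour: start at the hints and follow referrals."""
    server, path = hints[0], []
    for _ in range(max_steps):
        path.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, path
        if kind != "referral":
            return None, path
        server = value
    return None, path  # gave up: referral chain too long


if __name__ == "__main__":
    print(stub_lookup("root", "www.example.org."))  # root only refers onward
    print(iterative_lookup("www.example.org."))     # follows the referral chain
```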



Re: How to ban many IPs?

2008-11-05 Thread tor-operator
On Thursday 30 October 2008 12:38:33 [EMAIL PROTECTED] wrote:
 
 These are called chilling effects.  Rather than directly attack
 something, you create an environment that discourages its existence. 
 
 I run an exit node with the default policy.  I, too, deal with the abuse
 complaints and DMCA take down notices.  A couple of emails with copy and
 pasted responses to these things is worth it for me to provide the
 service for others.  I've even been known to get on the phone and talk
 to people.  Smart ISPs realize they aren't at risk from Tor nodes.
 Having an intelligent email, showing them
 https://www.torproject.org/eff/tor-legal-faq and
 https://www.torproject.org/eff/tor-dmca-response.html are more than most
 care to investigate.  After 5 years, my node is still online. 

[clip]

A reminder:

Your internet service providers may not be at legal risk, but they can 
nonetheless be held accountable for breaches of their own transit providers' 
terms-of-service agreements, and if your exit-node is found to be the cause 
of a given TOS violation, the ISP may end up disco'ing you for fiduciary or 
business reasons, not legal ones.

And before you ask, since these restrictions are generally considered content 
agnostic (for example: all IRC is proscribed over this transit link), an 
argument can be made that such restrictions are fair since it looks 
non-discriminatory.


Re: Abuse complaint

2008-10-09 Thread tor-operator
On Tuesday 07 October 2008 14:22:32 Matthew McCabe wrote:
 Hey-
 
 Last night, Time Warner Cable temporarily disabled my account due to an 
 alleged attack coming from my IP address and targeting a server in 
 Europe (Denmark I believe).  Below is the e-mail I sent them to respond 
 to the complaint.
 
 Does anyone have any suggestions on how to respond to these complaints?  
 Is IP filtering the best (or only) option for addressing TWC's issues?
 
 Thanks for your help,
 Matt

Bear in mind that few ISPs care whether a break-in attempt was done at your 
instigation or someone else's.  Think botnet.

If you cause an ISP problems with its peering or transit partners, they disco 
you once they gather enough evidence that it was sourced from your IP at the 
time.


Re: (micro)payments for anonymous routing in Tor?

2008-09-23 Thread tor-operator
On Tuesday 23 September 2008 00:55:50 Josh Albrecht wrote:
 What did people think of this paper?
 cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf
 
 The basic idea is a scheme for micropayments between relays in the Tor
 network that does not create any new attacks on anonymity than already
 exist against Tor.  Obviously we wouldn't want a network that forced
 people to pay to use it, but maybe if relays gave slightly higher
 priority to paid traffic, it would be an incentive for more people to
 run relays?  (running a relay would earn you faster service from other
 relays, basically)
 
 What are some other objections?  Would people be opposed to seeing
 something like this in Tor?

How do you pay anonymously yet have the system fairly permit paid traffic to 
have higher priority?  With anonymity intact, how do you audit and enforce 
this policy?


Re: How do we defeat exit node sniffing?

2008-06-10 Thread tor-operator

Jack Straw wrote:


I have a question about that, which has puzzled me for quite some time.
Perhaps I'm being too rigid in regards to this.

I have a Gmail account that was created through Tor.
I should say, that this anonymous account is a test account. I use it
for no sensitive communications, however I treat the account as if I do.

I have only accessed that GMail account through Tor, and my Xerobank
account. Mixing it up. I have been very cautious in adhering to that.
Well sort of... My bad.

A few months back, in haste, I accidentally accessed the account naked
from my standard IP address. Maybe 2-4 times. That's all. But it happened.

I felt that the account had to be abandoned as it was now tainted.

But then I thought, How so?


[mitigation details removed]


But is that account really tainted?


One day, you may find out the hard way.  Like any plan of defense, you 
only know about potential vulnerabilities in advance.


As for whether or not your account is safe to use anymore... Well, risk 
vs. reward, like anything else, informs the decision.  By your own 
admission, the risk is a little higher than it used to be.


Re: How do we defeat exit node sniffing?

2008-06-06 Thread tor-operator

defcon wrote:
so what do you all suggest if I must authenticate to a non ssl 
connection?  How do I do it anonymously and safely?


Apply the same security measures necessary to authenticate a non-SSL 
connection without the use of Tor.


Re: lots of DMCA request's... (1/day)

2008-05-21 Thread tor-operator

Geoffrey Goodell wrote:

On Mon, May 19, 2008 at 06:34:41PM -0400, Brian Puccio wrote:

[many interesting points cut]

I think that we need to take a step back and understand more about the
complaints being served to ISPs.

1. Some are clearly DMCA takedown notices.  Are these the vast majority?
What other kinds of abuse notices are served to Tor exit node operators,
with what frequency and in what proportions?


The ISPs and hosting providers tend to have agreements with their 
network providers that stipulate that the customer ISP take action to 
avoid stuff the provider doesn't like.  Such as phishing and break-in 
attempts, which are bad.  But also things like IRC usage (yes, even IRC 
clients).



2. To what extent are ISPs legally bound to respond to the various
different kinds of notices?  For each of the various kinds of abuse
complaints, surely some ISPs will say this is an anonymizing relay, go
away, while others will engage in an expensive investigation process,
and still others will just shut down their customers without further
questions.  ISP staffers and counsel might not like the idea of being
served legal requests, but it is critical that we understand the extent
to which they are legally bound to respond, and the space of potential
responses.  If the points in this document [1] do not provide a simple,
consistent, effective way for ISPs to respond without significant
thought, then the document should be amended -- but it is not clear to
me that ISPs are significantly burdened by abuse complaints in the
general case.  I would like to see evidence to the contrary.


Some hosting providers (not just ISPs) receive 100s of abuse complaints 
for various kinds of stuff in a month.  Some of them may show up from 
process servers.


Re: [OT] mitigating or defeating syntax analysis

2008-04-18 Thread tor-operator
On Thursday 17 April 2008 15:04:05 scar wrote:
 assume there is a global adversary trying to track down an anonymous
 Tor-user by using syntax analysis.  that is to say, gathering sets of
 sentences or paragraphs from e-mails or forums, etc. and then
 recognizing similarities in the syntax (that is, the way the sentence or
 paragraph is written) in order to group anonymous text with non-anonymous
 text and ultimately reveal the identity of an anonymous user, based on
 the way they write, basically.  the field of psycholinguistics would
 probably be a good resource for this type of analysis.

Most reasonable tor clients will go through the trouble to use an 
SSL/TLS-encapsulated protocol to make sure their communication isn't 
trivially readable at the exit node.

It's a little more work, but SMTP, IMAP and web browsing can conceivably all 
be enciphered even as it travels the normal internet.  Most Unix system 
administrators already know why to use SSH as opposed to telnet, for similar 
reasons.

 i hope that's clear enough.  so, Tor can help defeat network traffic
 analysis.  now, how can the anonymous user (or, more accurately,
 talker/writer/blogger) mitigate or defeat this syntax analysis?  are
 there any scholarly papers or websites with this information, or at
 least talking more about syntax analysis (perhaps there is a more proper
 technical term)?  for example, i think one rule would be to always use
 proper capitalization and punctuation, something i never do in my
 non-anonymous writing. ;)

I'm under the impression that trying to use Tor to help obfuscate what you're 
doing beyond Layer 4 is using the wrong tool for the job.


Re: Child pornography blocking again

2008-01-26 Thread tor-operator

Kraktus wrote:


Tor already has censorship hooks.  Tor nodes are already in
control of their own exit policies.  Certain ports are already
blocked by default.

This would simply provide Tor nodes with another tool to
control what leaves their nodes.  And if Tor nodes didn't want
to use it, they wouldn't have to.


Hello,

I would assert a disagreement here, and indicate that ExitPolicy is a 
*traffic* obstruction hook, not a censorship hook.


Key difference: the ExitPolicy strictly works on the basis of the Layer3/Layer4 
target address.  Your proposed censorship hook seems to require a continually 
updated set of blocks on the basis of content.  ExitPolicy can't tell an HTTP 
connection for Wikipedia from an HTTP connection for a bit image.  Please see 
a reasonable reference for Usenet death penalty if this is in any way 
unclear.
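
The point above, that an ExitPolicy decision depends only on destination address and port, shown as an added sketch that is not part of the original message and is not Tor's own code. It handles IPv4 rules only; the policy lines, addresses and payloads are constructed, and the function names are hypothetical.

```python
import ipaddress


def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK]:PORT'; ADDR and PORT may be '*'."""
    action, target = rule.split()
    addr, port = target.rsplit(":", 1)
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        ports = (1, 65535)
    else:
        lo, _, hi = port.partition("-")      # single port or LOW-HIGH range
        ports = (int(lo), int(hi or lo))
    return action, net, ports


def exit_allowed(policy, dst_ip, dst_port, payload=b""):
    """First matching rule wins. `payload` is a parameter only to make the
    point visible: nothing in the decision ever reads it."""
    ip = ipaddress.ip_address(dst_ip)
    for action, net, (lo, hi) in map(parse_rule, policy):
        if (net is None or ip in net) and lo <= dst_port <= hi:
            return action == "accept"
    return True  # assumption in this sketch: no matching rule means accept


# Constructed policy for illustration.
POLICY = [
    "reject 10.0.0.0/8:*",
    "reject *:25",
    "accept *:80",
    "accept *:443",
    "reject *:*",
]

if __name__ == "__main__":
    # Two different HTTP requests to the same address and port get the same
    # verdict, because the rule match sees only Layer 3/Layer 4 fields.
    for body in (b"GET /wiki/Tor HTTP/1.1", b"GET /image.png HTTP/1.1"):
        print(body, exit_allowed(POLICY, "192.0.2.7", 80, body))
```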