Re: eliminating bogus port 43 exits

2009-07-03 Thread Scott Bennett
On Fri, 03 Jul 2009 10:25:41 +0200 Hans de Hartog wrote: >Hans de Hartog wrote: >> Scott Bennett wrote: >>> Unfortunately, the above method is unlikely to see more than a tiny >>> fraction of the port 43 exits, which are usually of very short duration. >>> Instead, try turning on in

Re: eliminating bogus port 43 exits

2009-07-03 Thread Hans de Hartog
Hans de Hartog wrote: Scott Bennett wrote: Unfortunately, the above method is unlikely to see more than a tiny fraction of the port 43 exits, which are usually of very short duration. Instead, try turning on info-level logging. Then you can use something like /usr/bin/fgrep connect

Re: eliminating bogus port 43 exits

2009-06-15 Thread Anon Mus
Alexander Cherepanov wrote: Hello, Anon! You wrote to or-talk@freehaven.net on Sun, 14 Jun 2009 16:44:12 +0100: Of course, websites & organizations have the right to choose which ports they use for which services and open/close. Anyone trying to inflict that kind of system on any "internet"

Re: eliminating bogus port 43 exits

2009-06-15 Thread Alexander Cherepanov
Hello, Scott! You wrote to "Alexander Cherepanov" , or-talk@freehaven.net on Mon, 15 Jun 2009 02:43:49 -0500 (CDT): >>> Having a set of standard port numbers at which >>> one may expect to access standard services is valuable, >> >>Sure it is valuable but AFAIU tor is not there to bring order bac

Re: eliminating bogus port 43 exits

2009-06-15 Thread Alexander Cherepanov
Hello, Anon! You wrote to or-talk@freehaven.net on Sun, 14 Jun 2009 16:44:12 +0100: > Of course, websites & organizations have the right to choose which ports > they use for which services and open/close. Anyone trying to inflict > that kind of system on any "internet" user community should STOP

Re: eliminating bogus port 43 exits

2009-06-15 Thread Hans de Hartog
Scott Bennett wrote: Unfortunately, the above method is unlikely to see more than a tiny fraction of the port 43 exits, which are usually of very short duration. Instead, try turning on info-level logging. Then you can use something like /usr/bin/fgrep connection_edge_finished_connect

Re: eliminating bogus port 43 exits

2009-06-15 Thread Roger Dingledine
On Mon, Jun 15, 2009 at 02:43:49AM -0500, Scott Bennett wrote: > >The main discord here seems to arise from totally different approaches > >to the question. You are building a whitelist while default tor exit > >policy is a blacklist. IMHO it's hard to constructively discuss amending > >blacklis

Re: eliminating bogus port 43 exits

2009-06-15 Thread Scott Bennett
On Sun, 14 Jun 2009 14:42:16 +0400 "Alexander Cherepanov" wrote: >You wrote to or-t...@seul.org, scr...@nonvocalscream.com on Sun, 14 Jun 2009 >01:15:43 -0500 (CDT): > >> Now, another person on this list has argued that the RFC's should be >> ignored and that IANA should be ignored. I

Re: eliminating bogus port 43 exits

2009-06-14 Thread Anon Mus
Alexander Cherepanov wrote: Hello, Scott! You wrote to or-t...@seul.org, scr...@nonvocalscream.com on Sun, 14 Jun 2009 01:15:43 -0500 (CDT): Now, another person on this list has argued that the RFC's should be ignored and that IANA should be ignored. I remain unconvinced that doing ei

Re: eliminating bogus port 43 exits

2009-06-14 Thread Alexander Cherepanov
Hello, Scott! You wrote to or-t...@seul.org, scr...@nonvocalscream.com on Sun, 14 Jun 2009 01:15:43 -0500 (CDT): > Now, another person on this list has argued that the RFC's should be > ignored and that IANA should be ignored. I remain unconvinced that doing > either would be a good idea.

Re: eliminating bogus port 43 exits

2009-06-14 Thread Hans de Hartog
Thank you. I switched on info-logging and tomorrow I'll post the results of your script. Hans de Hartog Scott Bennett wrote: Unfortunately, the above method is unlikely to see more than a tiny fraction of the port 43 exits, which are usually of very short duration. Instead, try turni

Re: eliminating bogus port 43 exits

2009-06-14 Thread Scott Bennett
On Sun, 14 Jun 2009 09:57:31 +0200 Hans de Hartog wrote: >Let's get back to the facts. I ran the following script last night >every 10 seconds for 10 hours on my exit node (lowest possible >bandwidth, i.e. 20 KBs). >Port Connections(cumulative for all runs) >443 131013 >80 31367 >43

Re: eliminating bogus port 43 exits

2009-06-14 Thread Hans de Hartog
Let's get back to the facts. I ran the following script last night every 10 seconds for 10 hours on my exit node (lowest possible bandwidth, i.e. 20 KBs). Port Connections(cumulative for all runs) 443 131013 80 31367 43 306 Other ports neglectable, so why the fuss about port 43? The scri

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Sat, 13 Jun 2009 12:25:13 -0600 Jon wrote: >Thank you for that thoughtful explanation. > >This was probably explained somewhere during the thread, I apologize >if I missed it... > >Could you clarify the definition of "bogus traffic" for me. > Well, the definition I've been using proba

Re: eliminating bogus port 43 exits

2009-06-13 Thread Tor Fox
Scott wrote: > There is a distinction between looking at things like packet headers and looking at payload data. The former is acceptable and necessary at times for proper system and/or network administration, whereas the latter is probably not acceptable without a court order and may result in cr

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Sat, 13 Jun 2009 17:37:53 -0500 Tor Fox wrote: >Jon wrote:> You want me to provide hard facts? It does not take a >whitepaper to inform me that peering at traffic leaving the border is "A >Good Thing" TM. > >Do you mean, in a perfect world there would be no snooping of exit traffic? >I mi

Re: eliminating bogus port 43 exits

2009-06-13 Thread Tor Fox
Jon wrote:> You want me to provide hard facts? It does not take a whitepaper to inform me that peering at traffic leaving the border is "A Good Thing" TM. Do you mean, in a perfect world there would be no snooping of exit traffic? I might agree with you but in a perfect world we wouldn't need Tor

Re: eliminating bogus port 43 exits

2009-06-13 Thread Jon
Tor Fox wrote: > Jon wrote: > > You've lost the context. > > I don't know, maybe I have. It seemed that you were pleading with us > not to ruin Tor by peeking at exit traffic and I was just explaining > that Tor exit nodes can be operated by anyone, ev

Re: eliminating bogus port 43 exits

2009-06-13 Thread Tor Fox
Jon wrote:> You've lost the context. I don't know, maybe I have. It seemed that you were pleading with us not to ruin Tor by peeking at exit traffic and I was just explaining that Tor exit nodes can be operated by anyone, even less than scrupulous individuals. So, we're probably the last people th

Re: eliminating bogus port 43 exits

2009-06-13 Thread Jon
Tor Fox wrote: > Jon wrote: > > I am however, attempting to discourage eavesdropping by operators. > > That seems pointless. Anyone that's thoughtful enough to listen to > your ethical consternation will also be thoughtful enough not to do > anything intentionally malicious. It's the same reason wh

Re: eliminating bogus port 43 exits

2009-06-13 Thread Tor Fox
Jon wrote: > I am however, attempting to discourage eavesdropping by operators. That seems pointless. Anyone that's thoughtful enough to listen to your ethical consternation will also be thoughtful enough not to do anything intentionally malicious. It's the same reason why the police don't make pu

Re: eliminating bogus port 43 exits

2009-06-13 Thread Alexander Cherepanov
Hello, Jon! You wrote to or-talk@freehaven.net on Sat, 13 Jun 2009 13:48:49 -0600: > I can not agree. Sniffing the traffic at the exit node actually does > jeopardize the reason people are using this software in the first place. Every tor user should know that his/her traffic will definitely be

Re: eliminating bogus port 43 exits

2009-06-13 Thread Jon
Ted Smith wrote: > On Sat, 2009-06-13 at 13:48 -0600, Jon wrote: >> grarpamp wrote: >>> One person's legit is another's bogus. It's always been that way. >>> Other than routing, the use of the internet is partly chaos and >>> it's not changing any time

Re: eliminating bogus port 43 exits

2009-06-13 Thread Ted Smith
On Sat, 2009-06-13 at 13:48 -0600, Jon wrote: > grarpamp wrote: > > One person's legit is another's bogus. It's always been that way. > > Other than routing, the use of the internet is partly chaos and > > it's not changing any time soon. "Packets found on an internet", > > they exist, therefore th

Re: eliminating bogus port 43 exits

2009-06-13 Thread Jon
grarpamp wrote: > One person's legit is another's bogus. It's always been that way. > Other than routing, the use of the internet is partly chaos and > it's not changing any time soon. "Packets found on an internet", > they exist, therefore they are, deal with it. So let's forget about > this port

Re: eliminating bogus port 43 exits

2009-06-13 Thread grarpamp
One person's legit is another's bogus. It's always been that way. Other than routing, the use of the internet is partly chaos and it's not changing any time soon. "Packets found on an internet", they exist, therefore they are, deal with it. So let's forget about this port number legitimacy thing.

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
Hi Jon, On Sat, 13 Jun 2009 10:20:45 -0600 Jon wrote: >I've read the entire thread and I still have one persisting question in >my mind... > > >Why are "bogus port exits" bad, and why should I eliminate them from my >exit policy? Okay, consider how tor works. Each request to connect t

Re: eliminating bogus port 43 exits

2009-06-13 Thread Jon
I've read the entire thread and I still have one persisting question in my mind... Why are "bogus port exits" bad, and why should I eliminate them from my exit policy? *if* I want to keep the type of traffic somewhat also anonymous (assuming the operator is not looking at the content) then I mi

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Sat, 13 Jun 2009 10:46:26 +0200 Dominik Schaefer wrote: >On 12.06.09 09:29, Scott Bennett wrote: >> This apparent fact, in turn, suggests that if a) all tor nodes with an >> explicit exit policy were to restrict port 443 exits to just the legitimate >> port 43 IP addresses and b) the tor d

Re: eliminating bogus port 43 exits

2009-06-13 Thread Dominik Schaefer
On 12.06.09 09:29, Scott Bennett wrote: > This apparent fact, in turn, suggests that if a) all tor nodes with an > explicit exit policy were to restrict port 443 exits to just the legitimate > port 43 IP addresses and b) the tor default exit policy did the same, a > huge and illegitimate load would

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Sat, 13 Jun 2009 08:45:33 +0100 Anon Mus wrote: >Roger Dingledine wrote: >> On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote: >> >>> I think "snooping" and "statistical information" should be treated >>> differently. Take Scott's case here. He is making a claim that by us

Re: eliminating bogus port 43 exits

2009-06-13 Thread Anon Mus
Roger Dingledine wrote: On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote: I think "snooping" and "statistical information" should be treated differently. Take Scott's case here. He is making a claim that by using the exit policy outlined above, it would reduce the amount of tra

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Fri, 12 Jun 2009 19:32:24 -0400 Roger Dingledine wrote: >On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote: >> I think "snooping" and "statistical information" should be treated >> differently. Take Scott's case here. He is making a claim that by using >> the exit policy outl

Re: eliminating bogus port 43 exits

2009-06-13 Thread Scott Bennett
On Fri, 12 Jun 2009 23:14:12 +0200 Nils Vogels wrote: >On Fri, Jun 12, 2009 at 9:29 AM, Scott Bennett wrote: >> I replaced the "ExitPolicy accept *:43" in my torrc file with the >> following: >> >> ###---Limited list of allowed whois exit addresses >> ExitPolicy accept 192.103.19.12:4

Re: eliminating bogus port 43 exits

2009-06-12 Thread Scott Bennett
On Fri, 12 Jun 2009 15:24:33 -0400 grarpamp wrote: >While node operators are certainly welcome to characterize and >define both traffic and policy as deemed fit for their own purposes... > >I might suggest that node operators examine things more fully in >order to make better policy decisions

Re: eliminating bogus port 43 exits

2009-06-12 Thread Scott Bennett
Well. I see that there has been moderately vigorous discussion going on since I posted my new information regarding port 43 exit statistics, which is just what I had hoped for. :-) I don't have responses for all of the points raised in the followups so far, but I can comment on some of them.

Re: eliminating bogus port 43 exits

2009-06-12 Thread grarpamp
Being familiar with ISP practice in this area, it is why you examine the content and what you do with the knowledge of the content observed, be it stored in your head or on disk, that matters. It's pretty well established that one may monitor traffic in a general way in order to figure out what's

Re: eliminating bogus port 43 exits

2009-06-12 Thread Roger Dingledine
On Fri, Jun 12, 2009 at 07:32:24PM -0400, Roger Dingledine wrote: > There are two categories to consider here: wiretapping and pen > registers. I should note that in the previous post I did that thing that EFF lawyers always do that confuses people: I pretended there's only one country in the worl

Re: eliminating bogus port 43 exits

2009-06-12 Thread Roger Dingledine
On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote: > I think "snooping" and "statistical information" should be treated > differently. Take Scott's case here. He is making a claim that by using > the exit policy outlined above, it would reduce the amount of traffic on tor > by 70% or

Re: eliminating bogus port 43 exits

2009-06-12 Thread Kyle Williams
On Fri, Jun 12, 2009 at 3:28 PM, Andrew Lewman wrote: > grarpamp wrote: > > 3 - Further, there needs to be an understanding of what the traffic > > ACTUALLY IS. Operators should be using tools such as wireshark, > > tcpdump, bro, etc to determine the content. And if it turns out to > > be encrypt

Re: eliminating bogus port 43 exits

2009-06-12 Thread Andrew Lewman
grarpamp wrote: > 3 - Further, there needs to be an understanding of what the traffic > ACTUALLY IS. Operators should be using tools such as wireshark, > tcpdump, bro, etc to determine the content. And if it turns out to > be encrypted to destinations and services unknown, NO such determination >

Re: eliminating bogus port 43 exits

2009-06-12 Thread Nils Vogels
Hey Scott, On Fri, Jun 12, 2009 at 9:29 AM, Scott Bennett wrote: >     I replaced the "ExitPolicy accept *:43" in my torrc file with the > following: > > ###---Limited list of allowed whois exit addresses > ExitPolicy accept 192.103.19.12:43      # whois access to whois.6bone.net > ExitPolicy acce

Re: eliminating bogus port 43 exits

2009-06-12 Thread grarpamp
While node operators are certainly welcome to characterize and define both traffic and policy as deemed fit for their own purposes... I might suggest that node operators examine things more fully in order to make better policy decisions overall. 1 - The use of any given TCP port alone is not suff

Re: eliminating bogus port 43 exits

2009-06-12 Thread Tim Wilde
On 6/12/2009 3:29 AM, Scott Bennett wrote: > In other words, by restricting just port 43 exits to only the legitimate whois > IP addresses, I eliminated at least 70% of *all* exits through my tor node, > which suggests to me that the vast, overwhelming majority of exits from the > tor network are i

Re: eliminating bogus port 43 exits

2009-06-12 Thread Scott Bennett
On Fri, 12 Jun 2009 00:44:19 -0700 Kyle Williams top-posted: Please stop doing that. It is terribly rude. >Got a couple of questions. > >- Have you looked deeper into the request for port 43, using tcpdump or >Wireshark? No, of course not! >- Do you KNOW that it is a WHOIS requ

Re: eliminating bogus port 43 exits

2009-06-12 Thread Kyle Williams
Hi Scott, Got a couple of questions. - Have you looked deeper into the request for port 43, using tcpdump or Wireshark? - Do you KNOW that it is a WHOIS request, not OpenVPN or something else running on the WHOIS port? - Have you logged what IP's are being connected to? I'm just curious, as this s

eliminating bogus port 43 exits

2009-06-12 Thread Scott Bennett
A bit over a month ago, I posted here some exit statistics by port number. One major oddity among them was the count of port 43 (whois) exits, which seemed extraordinarily large, especially in relation to the counts for other, more expectedly popular port numbers. Some of the comments I got i