On 12/20/11, Fabio Pietrosanti (naif) <[email protected]> wrote:
> I made a big portscan+app fingerprinting of all Tor exit and Relay:
> [.. snip ..]

Which is why I stopped running a relay - waaaay too many people poking at my machine. In retrospect I was probably just incredibly naive, but when I put up a tor relay I was expecting to just relay tor traffic. I did not sign up to be the target of any wannabe pen tester.

> It would be interesting to analyze it to understand "what's running" on
> Tor Exit and Tor Relays, eventually make up some kind of network
> monitoring systems like it's done for Enterprise Security Monitoring
> Systems.

The difference being that enterprise security monitoring systems are monitoring *enterprise* systems. Tor exits and relays do not belong to you; you have no right (certainly the ability, but NOT the right) to run pen tests on those machines.

> IE (automatically):
> - Having a periodic portscan + application fingerprinting
> - Passing the result to a nessus vulnerability analyzer
> - Sending the results to the contact info
> - Repeating the tests every 2 weeks, sending again the result to the
> contact info
> - If a "high" vulnerability is not fixed automatically within 1
> month, publish it to the internet

Absolutely brilliant. Someone donates to your cause and, if they don't come up to your standards, you do your best to ensure they get pwned instead of just dropping them from the donor list.

> Or a process like that to always know that the "System/Network" security
> of computers running Tor is ok, and if not ok "do something".

It seems to me the only legitimate "do something" available to the Tor community would be to drop the server from the list of tor nodes.

> Imho it would not be complicated to setup a stuff like that

It wouldn't be hard to set up, but absent an agreement with the owners to allow scanning, how long do you think it would last? I kept adding IPs to my blacklist until I got tired of it & turned the relay off.

(no, I didn't allow scanning my machine. But I did log all attempts. Blacklisted addresses got totally blocked)

Lee
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
