On Sat, Jun 17, 2006 at 08:49:43AM -0500, Kevin Day wrote:
> On Jun 17, 2006, at 8:29 AM, Jeremy Chadwick wrote:
> > Being as I'm not a network administrator myself (although I do filter some stuff using pf and ipfw on my servers), I'm curious what NAs think of the following technology:
>
> We've had considerable problems with Tor.
> Idiots who like to use stolen credit cards to buy things online find Tor a nice haven of deniability and covering their tracks.
> Our IRC servers, and discussion sites also have had to ban all Tor IPs that we've seen because of troublemakers using them to evade bans.
> I don't find the anonymity a bad thing, but I would be a whole lot happier if the default configuration for people running Tor servers included an option to add HTTP headers saying that it's going through Tor, so we could decide if we wanted to conduct financial transactions with them or not.

You don't do your financial transactions over HTTPS? If you do, by the very design of SSL, the Tor exit node cannot add any HTTP header. That would be a man-in-the-middle attack on SSL. (Unless you count that users will click "accept" on any "this could be a forged certificate" warning.)

More generally, Tor is not an HTTP proxy, but a TCP proxy. Which doesn't mean it cannot (as in "there is a Turing machine that does it") also go up from layer 4/5 to layer 7 for certain specific application protocols; it would only be harder, ask for more resources from the node, ...

--
Lionel
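
An added illustration of the point made in the reply above (not code from the thread or from the Tor project): a relay that only sees the TCP byte stream can tag a plaintext HTTP request, but has to pass TLS records through unchanged. The header name `X-Via-Relay` and both sample streams are constructed for this example.

```python
from __future__ import annotations

TAG = b"X-Via-Relay: tor"  # hypothetical header, not an actual Tor feature
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data


def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes of a TCP stream."""
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: content type (1 byte), major version 0x03, minor, length (2 bytes)
    if len(first_bytes) >= 5 and first_bytes[0] in TLS_CONTENT_TYPES and first_bytes[1] == 3:
        return "tls"
    return "unknown"


def relay(stream: bytes) -> tuple[str, bytes]:
    """Return (protocol, bytes forwarded to the server).

    Plaintext HTTP: the relay can find the end of the request head and append
    a header. TLS or anything else: the bytes are forwarded untouched. The
    request head sits inside encrypted, integrity-protected records, so there
    is nothing to parse, and a modified record would be rejected by the server.
    """
    proto = classify(stream)
    if proto != "http":
        return proto, stream
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:  # request head not complete yet: forward as-is, do not guess
        return proto, stream
    return proto, head + b"\r\n" + TAG + sep + body


# Constructed sample inputs.
PLAIN_HTTP = (b"POST /checkout HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Length: 7\r\n\r\ncard=42")
# TLS application_data record: type 23, version 3.3, length 8, then 8 opaque
# bytes standing in for ciphertext.
TLS_APPDATA = b"\x17\x03\x03\x00\x08" + bytes(range(8))

if __name__ == "__main__":
    for name, data in (("plain HTTP", PLAIN_HTTP), ("TLS record", TLS_APPDATA)):
        proto, out = relay(data)
        print(f"{name}: proto={proto} modified={out != data}")
```
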