On Jun 17, 2006, at 6:29 AM, Jeremy Chadwick wrote:
Apologies if this has been brought up before.
Being as I'm not a network administrator myself (although I do filter some stuff using pf and ipfw on my severs), I'm curious what NAs think of the following technology:
http://tor.eff.org/overview.html.en
The problem I see is that this technology will be used (literally, not ideally) solely for harassment (especially via IRC). I do not see any other practical use for this technology other than that. The whole "right to privacy/anonymity" argument is legitimate, but I do not see people using* Tor for legitimate purposes.
A colleague of mine stated his opinion of my opinion: "Your problem with Tor is that you can't control it, isn't it?" And he's right -- that's the exact problem I have with it.
Comments/concerns?
It's a proxy botnet, created by social engineering, rather than compromised machines, but apart from that it's indistinguishable from any other. The approaches you're using for abuse from other open proxies and botnets should work fine for tor. If you've not dealt with the general case then fixating on tor is pretty much a waste of time (unless you're running an IRC network, perhaps). Cheers, Steve