On 12/22/11 12:35 PM, Jacob Appelbaum wrote:

I really appreciate that you're not working for people who wish to do the Tor network harm. Please do consider the concerns of people in this thread and weight your actions against those people. They too are trying to help the network, the project, and the users.

Yes, i agree, we can find a common point. We just all need to move in the same direction, with conflicts and constructive criticism, but in the same direction.

Hopefully we'll all meet at CCC for a mate to discuss this in person!

Let's try to sketch down on a etterpad or trac ticket an idea on how to implement something like this in order to: - evaluating and pushing hardening of system/network security of Tor nodes - avoid/mitigate alerts and risks for Tor Operators That way we can try to match the needs perceived by all different parties, balancing the risk/return of the initiative. I'm gonna dump in this email a set of useful links collected during browsing to do that. We are probably not interested in Nessus & Metasploit AutoPwn, but it's important to know that anyone can just aggregate everything into a chain of automatic portscanning + vulnerability scanning + vulnerability exploiting. Python NMAP (A python library which helps in using nmap port scanner): http://code.google.com/p/python-nmap/ Python NMAP XML Parsing Scripts (nmap xml to sqlite): https://github.com/d1b/python-nmap-xml-output-parser Plugin Spotlight: Import Nmap XML Results Into Nessus http://blog.tenablesecurity.com/2009/08/plugin-spotlight-import-nmap-xml-res... MetaSploit AutoPwn Integration with Nessus: http://www.defenceindepth.net/2009/11/metasploit-autopwn-hacking-made-simple... Tor NetworkScanner/ExitAuthority: https://gitweb.torproject.org/torflow.git/tree/HEAD:/NetworkScanners/ExitAut... Scripts to extract exit-node, relays and their listening port: https://gitweb.torproject.org/tor.git/tree/HEAD:/contrib -naif _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE