Scroogle & Tor

Daniel Brandt scroogle at sbcglobal.net
Wed Oct 1 12:48:07 PDT 2008


Sure, please post it on the mailing list, and convey our apologies
to Tor users who were inconvenienced.

If it happens again, we will try to just block on the abuser's
search terms. We no longer suspect that anyone is stupid enough
to use Scroogle to scan for exit nodes, because they should
realize that if we let these get through to Google, then our
six servers might get blocked by Google. We know for a fact that
Google has the ability to block all of our servers from all of
their various data centers in about 30 minutes flat; all it takes
is for someone in a position of authority at Google to decide that
it's time to stop being tolerant toward Scroogle. (We have never
had any arrangements with Google whatsoever, and they already
know the IPs of our six servers as they appear at the 270+ Google
IP addresses we use.)

But if some Tor abuser wanted to vary the search terms by using
a dictionary lookup, this would be impossible to intercept.
In such a situation, we'd have to block all the exit nodes again.
At least we're now set up to do this effortlessly, because we've
had eight days of training. During that time we wrote and debugged
programs for automatic Tor exit-node blocking across all six
servers.

If the consensus among Tor experts is that this was a misconfigured
Tor server (we don't use Tor so we haven't a clue), we hope someone
can figure out how it happened, and also figure out how to prevent
this sort of accidental misconfiguration. Otherwise, Tor will
eventually get a bad name once script kiddies discover how much
fun this is, and it will no longer happen accidentally.

Something very similar happened to Scroogle in July, but it was at
a much lower level of activity, and seemed to happen during U.S.
business hours only, instead of around the clock. That's why we
think it may be worth investigating by Tor experts, especially from
an "ease of misconfiguration" standpoint, and possibly even from
an "early detection" standpoint.

-- Daniel

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




