Slashdot Mirror

← Back to Stories (view on slashdot.org)

Launching Anonymous Attacks Using the Tor Network

Posted by Hemos on from the wait-you-mean-people-aren't-all-nice dept.

An anonymous reader writes "Nitesh Dhanjani over at O'Reilly Network describes how malicious users can launch attacks over the Internet anonymously using the Tor network. Looks like the flip side of the Tor project is that it allows anyone to launch network scans and exploits anonymously. Great, just what we need now."

3 of 19 comments (clear)

  1. Good Article by Vodak · · Score: 4, Insightful

    Security is always going to be a concern on the Internet. The more we know about the problems we all face the better. At least this article is a calm mention of the negative possibilities that this technology can be used for instead of a paranoid rant on how this should have never been created in the first place.

  2. This is news? by dougmc · · Score: 5, Insightful
    Looks like the flip side of the Tor project is that it allows anyone to launch network scans and exploits anonymously.
    This is news?

    Anything that lets you use a service anonymously will let you abuse a service anonymously.

    Sure, the system may add limits (bandwidth used, total traffic, things it can connect to, etc.) to limit the damage that could be caused, but ultimately anything like this can be used for evil purposes.

    Some examples? The penet.fi anonymous remailer was used to troll Usenet, harass people and even to say bad things about Scientology! (The horror!)

    Another example? A NAT router hides the internal IP address of the user, which tends to make them semi-anonymous. This is good, and this is bad. (I say semi-anonymous because most NAT devices keep logs, and if you need to determine who (ab)used something, the data is usually there.

    There's lots more examples.

  3. Now, that's a discovery! by Gadzinka · · Score: 4, Informative

    I was operating mixmaster server some time ago. After couple of months of operation I've had couple of court orders[1] to reveal identity of people for which I was the last hop in mixmaster network. I decided to check outgoing mail for which I was last hop[2]. Around 90% of that mail was spam, scam, child pornography, harassment and simillar illegal and/or unethical stuff.

    That was the end of mixmaster@hell.pl.

    Oh, I believe, that there are some people in dictatorships, or some whistleblowers and other people, that really need anonymity on the net. But the reality is that whenever you make such a service available to population at large, it's the scum of the earth that dominates it.

    Robert

    [1] at least next best thing in my country, because here orders for search etc are issued by prosecution; don't ask me, why it is, it's stupid when the party to a conflict sings search warrants for the other party;

    [2] you can't view mails that are just passing through your system in mixmaster network, they are encrypted; onl the mails that leave mixmaster network through your system are cleartext (if they aren't internally encrypted, of course);

    --
    Bastard Operator From 193.219.28.162