Launching Anonymous Attacks Using the Tor Network

An anonymous reader writes "Nitesh Dhanjani over at O'Reilly Network describes how malicious users can launch attacks over the Internet anonymously using the Tor network. Looks like the flip side of the Tor project is that it allows anyone to launch network scans and exploits anonymously. Great, just what we need now."

This is news?

[dougmc]

Looks like the flip side of the Tor project is that it allows anyone to launch network scans and exploits anonymously.

This is news?

Anything that lets you use a service anonymously will let you abuse a service anonymously.

Sure, the system may add limits (bandwidth used, total traffic, things it can connect to, etc.) to limit the damage that could be caused, but ultimately anything like this can be used for evil purposes.

Some examples? The penet.fi anonymous remailer was used to troll Usenet, harass people and even to say bad things about Scientology! (The horror!)

Another example? A NAT router hides the internal IP address of the user, which tends to make them semi-anonymous. This is good, and this is bad. (I say semi-anonymous because most NAT devices keep logs, and if you need to determine who (ab)used something, the data is usually there.

There's lots more examples.