Andrew Sullivan wrote :
yet we need to do something about the attacks against the IETF sites, which
have been painful and which we need to be prepared to handle.
About a month ago, I did a quick analysis on Tor exit nodes and found that
about half of them are on a blacklist of some kind. I am not assessing the
validity of the various methodologies used to blacklist the addresses, I'm just
counting beans. The captcha mentioned earlier is a middle way, as some
organizations go further and block Tor entirely. Call it profiling all you
want, it's no different than a spam blacklist : it's IP reputation; being a Tor
exit node does carry a burden in the metric used to assess the reputation and
therefore the threat potential. If it looks like a duck and quacks like a duck,
some people are going to wonder if it's a duck. I'm not judging here, I'm just
looking at numbers.
No brilliant suggestions here, just questions.
None here either. Regrettably, some guys out there are using Tor for bad
purposes, it also is a foregone conclusion that some of the attacks carried
over Tor are part of the equivalent of a joe-job.
Trolling about Tor being blocked does not help, though. Here is the challenge
for the brilliant minds in here : make it so it preserves the anonymity of
people who genuinely need it, but stop it from being an attack vector. It means
cleaning up when it enters the system, instead of having users cleaning when it
exits the system.
Michel.