Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scanning trough proxy, including Tor: Ethical consideration

From: "Fabio Pietrosanti (naif) - lists" <lists () infosecurity ch>
Date: Fri, 17 Jul 2015 14:45:26 +0200


On 7/17/15 1:07 AM, Fyodor wrote:

On Tue, Jul 14, 2015 at 4:44 AM, Fabio Pietrosanti (naif) - lists
<lists () infosecurity ch <mailto:lists () infosecurity ch>> wrote:

    Regarding the high-performance scanning trough proxy, including and
    especially Tor, did you considered the ethical aspects of such
    implementation?


Hi Fabio. It's an important concern, and one I also had many years ago
when we started taking the first tentative steps toward support for
scanning through Tor. 


I have an idea but i don't know if it's technically doable, neither if
it's acceptable.

What if the Tor's support for nmap will use some "tech parameters" that
would enable a Tor Exit Node operator to detect and block a portscan?

That way a Tor Exit Node operator would be able to detect abuses (due to
abuse-claims email and requests of takedown from ISPs), trace that are
coming from someone using nmap with point'n'click integration and
possibly block it or rate-limit it somehow.

That's just an idea "make it detectable at Tor Exit Node when scans are
going trough Tor" .


-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: