Konferenzbeitrag

Abusers don’t get Privacy. Sensitively Logging and Blocking Tor Abuse

Vorschaubild
Volltext URI
Dokumententyp
Text/Conference Paper
Dateien
C1-5.pdf (117.13 KB)
Datum
2020
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
SICHERHEIT 2020
Doktorandenforum
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Tor has a significant problem with malicious traffic routed through Tor exit nodes. They create a credible reason for websites to discriminate against Tor users. The abuse also creates a strong disincentive to run exit nodes since the exit node operators have to deal with abuse messages and possible law enforcement interactions. We want to detect and mitigate the attacks that happen through Tor exit nodes without undermining Tor users’ anonymity and privacy. We use a modified version of the Tor exit node to enable NIDS (Network Intrusion Detection) monitoring and termination of malicious activity on a per-circuit level. We use the Zeek IDS (formerly Bro) to detect attacks using robust mechanisms that have very low false positive rates. Initial results indicate that, using our approach, the number of abuse cases can be reduced.
Beschreibung
Marx, Matthias (2020): Abusers don’t get Privacy. Sensitively Logging and Blocking Tor Abuse. SICHERHEIT 2020. DOI: 10.18420/sicherheit2020_16. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-695-4. pp. 153-158. Doktorandenforum. Göttingen, Germany. 17.-20. März 2020
Schlagwörter
Tor , Malicious Traffic , Intrusion Detection System
Zitierform
DOI
10.18420/sicherheit2020_16
Tags
Sammlungen
P301 - Sicherheit 2020 - Sicherheit, Schutz und Zuverlässigkeit