
Re: Re: TorChat is a security hazard (Answer)



On Dec 12, 2010 7:20pm, Michael Blizek <michi1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> I meant that A will connect intentionally to B, e.g. A wants to talk to B. B
> can then send messages to C which seem to come from A. However, C will talk
> back directly to A and the manipulation will most likely be detected...

Yes. The innocent client C will then start talking with A and send its own address. A will then directly connect back to C and complete the handshake with C.

I'm not 100% sure without looking into the source code now (2 years since I wrote it) what exactly will happen with the wrong pong message from C that should have come as the ping response from B. It should ignore it because pong sender does not match the initial ping recipient. But I'm 100% sure that it would *not* lead to a stable connection (status: online, normal behavior) or even a completed handshake at all.

It might be suitable for some kind of DOS attack against a connection between A and C.

Bernd
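
An added illustration of the check discussed in the message above (not TorChat's code and not part of the original e-mail): a simplified Python model in which a pong completes the handshake only when its sender is the peer the ping was addressed to. The `Peer` class, the message dictionaries and the `addr-*` addresses are assumptions made up for this sketch, and the pong's `sender` field stands for the address the receiver itself connected back to.

```python
import secrets


class Peer:
    """Simplified model of one client; not TorChat's real data structures."""

    def __init__(self, address):
        self.address = address
        self.pending = {}    # cookie -> address the ping was sent to
        self.online = set()  # peers whose handshake completed

    def make_ping(self, recipient):
        """Create a ping for `recipient` and remember who it was meant for."""
        cookie = secrets.token_hex(16)
        self.pending[cookie] = recipient
        return {"type": "ping", "sender": self.address, "cookie": cookie}

    def make_pong(self, ping):
        """Answer a ping by echoing its cookie along with our own address."""
        return {"type": "pong", "sender": self.address, "cookie": ping["cookie"]}

    def handle_pong(self, pong):
        """Complete the handshake only if the pong comes from the ping's recipient."""
        expected = self.pending.get(pong["cookie"])
        if expected is None:
            return "ignored: unknown cookie"
        if pong["sender"] != expected:
            # Valid cookie, but issued for a different peer (a relayed ping).
            # The pending entry is kept so the genuine recipient can still answer.
            return "ignored: sender mismatch"
        del self.pending[pong["cookie"]]
        self.online.add(expected)
        return "online"


def relay_scenario():
    """B forwards A's ping to C; C answers A with a cookie A issued for B."""
    a, b, c = Peer("addr-A"), Peer("addr-B"), Peer("addr-C")  # constructed addresses
    ping_for_b = a.make_ping(b.address)
    relayed = dict(ping_for_b)  # B passes the ping on unchanged
    wrong_pong = a.handle_pong(c.make_pong(relayed))
    right_pong = a.handle_pong(b.make_pong(ping_for_b))
    return wrong_pong, right_pong, sorted(a.online)


if __name__ == "__main__":
    print(relay_scenario())
```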