[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
From: "Steven J. Murdoch" <tortalk+Steven.Murdoch@xxxxxxxxxxxx>
Date: Wed, 21 Dec 2011 23:32:35 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Dec 2011 18:32:51 -0500
In-reply-to: <4EF1DBCA.5040101@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4EF04331.20708@xxxxxxxxxxxxxxx> <CAD8GWstvNas1A8oqPUmruHGFSHvPkGaER+3WdjHa910ZZoqC-w@xxxxxxxxxxxxxx> <4EF0D586.7040305@xxxxxxxxxxxxxxx> <20111221125902.GA28637@xxxxxxxxxxxxxxxxxxxxxxxxx> <4EF1DBCA.5040101@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Dec 21, 2011 at 02:14:50PM +0100, Fabio Pietrosanti (naif) wrote:
> If we would send "1 packet" every minute, it would take about 22hours to
> complete the scan, bypassing almost any portscan detection system.
> 
> That way it would still be possible to map the opened ports / service
> version, but without creating alarm or abuse complain.

I'm still highly unconvinced. If an institution has a policy that port scans are
suspicious and to be avoided, making the scans more stealthy could be
counterproductive. It might well make them harder to detect, but when they are
detected it will look even more suspicious. I'm also not convinced a slow port
scan will help much given that this is a common black-hat technique and thus the
sort of signature which will make it into an IDS.

Even if we could avoid detection, I don't see much of an advantage to a port
scan. Nowadays open ports are a very poor guide to actual system security. I'd
expect that practical security vulnerabilities will be the result of bad
passwords, old versions of daemons, insecure web applications, and so on; not
because someone has installed an inherently insecure daemon.

Steven.

-- 
http://www.cl.cam.ac.uk/users/sjm217/
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Lee
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Steven J. Murdoch
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by Author: Re: [tor-talk] New arm version doesn't show connections
Previous by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Index(es):
- Author
- Thread