[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Why TOR Operators SHOULD always sniff their exit traffic...

Hi Eugene ,
I would say hard to intercept or trace under certain conditions rather than "unblockable"
A tor carrying worm communicating via DNS tunneling might have considerable more success for the immediate future
in penetrating "the Great FireWall of China"... although due to serialization concerns DNS/UDP is MUCH more suitable for first having a UDP/IP/TLS transport run over it first OpenVPN is what comes to mind and then anonymous circuits via tor/TCP could then be added. Its actually pretty neat/fast/cute on OC1 and faster networks . And it is a tremendous CPU hog as a server. plan for VIA Nehemiah? class processors with embedded AES crypto support and custom drivers for SSL/TLS possibly(ah the price of bleeding edge!!)

see "Black OPS of DNS" at Dan Kaminsky s site www.doxpara.org for details on DNS tunneling .(I have spammed this list too much tonite according to at least one person:).. Dan has ssh and audio transports working via perl code over DNS/UDP. He has given demos at Codecon and other places for the past year or so of this capability..(there were 2 earlier efforts I am aware of that went public)

a tor operator
ps JAP was tapped on at least one occasion via court order, and I believe at one point there were plans to have JAP support at least tor client usage, did that ever happen?

Eugen Leitl wrote:

On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:

On Wednesday 08 June 2005 21:51, tor wrote:

Of particular interest is the increasing
sophistication of automated worm-based attacks. He cites the
developing W32.spybot.KEG
worm -- once inside a network it scans for several
vulnerabilities and reports its findings via IRC.

And Sober variants routinely use JAP to fetch updates.

There no reason for a worm to not use a P2P onion network for control traffic, and unblockable software updates. Sooner or later it's bound to happen.

A Tor worm in China would actually be a good thing.