[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Why TOR Operators SHOULD always sniff their exit traffic...
Hi Eugene ,
I would say hard to intercept or trace under certain conditions
rather than "unblockable"
A tor carrying worm communicating via DNS tunneling might have
considerable more success for the immediate future
in penetrating "the Great FireWall of China"... although due to
serialization concerns DNS/UDP is MUCH more suitable for first having a
UDP/IP/TLS transport run over it first OpenVPN is what comes to mind and
then anonymous circuits via tor/TCP could then be added. Its actually
pretty neat/fast/cute on OC1 and faster networks . And it is a
tremendous CPU hog as a server. plan for VIA Nehemiah? class processors
with embedded AES crypto support and custom drivers for SSL/TLS
possibly(ah the price of bleeding edge!!)
see "Black OPS of DNS" at Dan Kaminsky s site www.doxpara.org for
details on DNS tunneling .(I have spammed this list too much tonite
according to at least one person:).. Dan has ssh and audio transports
working via perl code over DNS/UDP. He has given demos at Codecon and
other places for the past year or so of this capability..(there were 2
earlier efforts I am aware of that went public)
a tor operator
ps JAP was tapped on at least one occasion via court order, and I
believe at one point there were plans to have JAP support at least tor
client usage, did that ever happen?
Eugen Leitl wrote:
On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:
On Wednesday 08 June 2005 21:51, tor wrote:
Of particular interest is the increasingAnd Sober variants routinely use JAP to fetch updates.
sophistication of automated worm-based attacks. He cites the
worm -- once inside a network it scans for several
vulnerabilities and reports its findings via IRC.
There no reason for a worm to not use a P2P onion network for control
traffic, and unblockable software updates. Sooner or later it's bound to
A Tor worm in China would actually be a good thing.