[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Rogue exit nodes - checking?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Rogue exit nodes - checking?
From: "John M. Schanck" <jms07@xxxxxxxxxxxxx>
Date: Sun, 20 Jun 2010 19:09:52 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 20 Jun 2010 19:10:05 -0400
In-reply-to: <AANLkTimNiCJ_qiKDaMiswQZpz93C11tqJ2i9ponGy8xk@xxxxxxxxxxxxxx>
References: <4C1B1AE6.9060209@xxxxxxxxx> <4C1B4AD9.9070107@xxxxxxx> <4C1C704A.6020305@xxxxxxxxx> <20100619110450.GB11758@xxxxxxxxxx> <4C1D3493.4060003@xxxxxxxxx> <AANLkTin7J8UN3es3VlaloD_MAFT1xWi44POzGDiUqGb5@xxxxxxxxxxxxxx> <AANLkTimUQqLvrG8_acfzdckSdeC3TNs_mnInNh6oIIAJ@xxxxxxxxxxxxxx> <AANLkTimNiCJ_qiKDaMiswQZpz93C11tqJ2i9ponGy8xk@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Sun, Jun 20, 2010 at 11:58:45PM +0200, slush wrote:
[snip]
> There are two ways how to fight attackers:
> a) Opensource scanner and beat them by spending months on scanner improvements.
> b) Leave scanner closed and piss them up (my way)

I think you and Anders are both oversimplifying the situation. An attacker may
be able to determine the profile for a normal Tor user, and they may determine
the profile for an exit scanner - but our job in designing any scanner (open or
closed source) is to make the task of delineating between the two as difficult as
possible. As I'm sure you're aware, we can actually quantify how difficult such
a task is using information theoretic techniques, and so we may develop an
objective measure for comparing scanners which is entirely independent of their
being open or closed source.

That said, SoaT also has a "closed source" component, specifically the
configuration file we actually use when running it. Withholding this
information makes an attackers job somewhat harder, so there is
something to be said for not revealing your hand too soon.

> I think your irony isn't outright. Trust me I didn't spend almost year
> of my life on bullshit.
> 
> John: I know SoaT quite well, I originally consider to improve it. But
> my attitude is quite different. SoaT checks everything else than
> content (as you wrote: SSL, policy etc) - and throws many false
> positives once content differs a bit. I'm interested just in content.
> 
> Marek

Marek: I for one highly doubt that you spent a year of your life on
bullshit and would be very interested in reading your thesis and
discussing this topic further - is it available online? SoaT does
somewhat more subtle content scans than you make it out to, but I'll
agree they're far from perfect, and that's why I'm spending several
months of my life working to improve them :).

Cheers,
John

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAkwen5EACgkQke2DTaHTnQlJ1gCeJllRlBoUnE7KL9laDCJbIwkc
vikAoI9rtTJUunqWoUUtDVUuY/E0KjpG
=K4Aw
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAkwen8AACgkQke2DTaHTnQlFZwCfRmOtDdaD+ffz/ZBoNl785f7T
9qwAni5D4vJAuqjE/tAe2AuS3ZlTwQH8
=rg20
-----END PGP SIGNATURE-----
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Downloading attachments with Tor - is this secure?
  - From: Matthew
- Re: Downloading attachments with Tor - is this secure?
  - From: Aplin, Justin M
- Re: Downloading attachments with Tor - is this secure?
  - From: Matthew
- Re: Downloading attachments with Tor - is this secure?
  - From: Mike Perry
- Rogue exit nodes - checking?
  - From: Matthew
- Re: Rogue exit nodes - checking?
  - From: slush
- Re: Rogue exit nodes - checking?
  - From: Anders Andersson
- Re: Rogue exit nodes - checking?
  - From: slush

Prev by Author: Re: Rogue exit nodes - checking?
Next by Author: Network Map showing a major difference in public relays
Previous by thread: Re: Rogue exit nodes - checking?
Next by thread: Re: Rogue exit nodes - checking?
Index(es):
- Author
- Thread