[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Practical onion hacking: finding the real address of Tor clients"

To: or-talk@xxxxxxxxxxxxx
Subject: Re: "Practical onion hacking: finding the real address of Tor clients"
From: coderman <coderman@xxxxxxxxx>
Date: Fri, 20 Oct 2006 15:31:22 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 20 Oct 2006 18:31:33 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CpQ8wq5ybf0EJ9thREcy573/rUl0672K8KIZUxVjbH60rMB0UX6Dj220EiFOssGmKiBEruXRmg7Z7crkD5aoVkgienH1cySqKnkS/WiHbiqNIhFKohVaVVBKZhNwW2plCLSLLLxdslSNMdhA6JECXC/3lpBn73fjAQI1TM6eyo0=
In-reply-to: <20061020201603.GE14861@itd.nrl.navy.mil>
References: <4535B995.8010304@appelbaum.net> <1161248804.28290.2514.camel@localhost.localdomain> <20061020155340.6c206ba6@localhost> <200610201949.50498.robert@roberthogan.net> <20061020201603.GE14861@itd.nrl.navy.mil>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 10/20/06, Paul Syverson <syverson@xxxxxxxxxxxxxxxx> wrote:

... What exactly is an answer? I don't know. Many
people who are on this list have hints of ideas that will help
somewhat and they have been raising them, implementing them, analyzing
them in papers, etc.


i'm fond of the transparent proxy router approach we've used to try
and fail safe for most protocols (at least with respect to the DNS
leaks and covert TCP connections via Java/Flash/etc).[1]

this doesn't do much for identifiers in the data stream (although
privoxy/squid do scrub the transparent HTTP which is visible), and
probably won't until significant effort is employed for
protocol/application specific content filtering proxies.  until then,
user beware...

It might be good to have a testing page that is part of the setup
wizards in some way as well as being fairly prominent on the homepage.


it would be nice to have a detailed proxy checker available that looks
at these Java/Flash/RealPlayer/etc holes.  right now there are a
handful of common http proxy checkers but these look for headers and
IP at best.

does such a thing exist?  i would be willing to host (although i
suspect others would have done so already were a tool available).

1. http://janusvm.peertech.org/ uses a pptp vpn connection to force a
default route through the virtual machine providing transparent TCP
and DNS proxy through Tor.  this defeats all of the covert TCP
connection attacks designed to circumvent browser/application level
SOCKS/HTTP proxy settings, but does not address identifying data
within the TCP streams. [people have been asking about non-Win
support, and this will be forthcoming in the next few months via
openvpn for *bsd/linux/solaris/mac]

Follow-Ups:
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Roger Dingledine

References:
- "Practical onion hacking: finding the real address of Tor clients"
  - From: Jacob Appelbaum
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: George Shaffer
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Fabian Keil
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Robert Hogan
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Paul Syverson

Prev by Author: Re: Tor-compatible secure email systems
Next by Author: Re: "Practical onion hacking: finding the real address of Tor clients"
Previous by thread: Re: "Practical onion hacking: finding the real address of Tor clients"
Next by thread: Re: "Practical onion hacking: finding the real address of Tor clients"
Index(es):
- Author
- Thread