[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] FWD: Serious TCP Bug in Linux Systems Allows Traffic Hijacking

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] FWD: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
From: dawuud <dawuud@xxxxxxxxxx>
Date: Fri, 12 Aug 2016 15:43:20 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 12 Aug 2016 17:48:28 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1471016719; bh=X39cTK8K3x5sPp0ZWt5akWwO0+cgy2KOtKgztO/P9+o=; h=Date:From:To:Subject:References:In-Reply-To:From; b=HEaFjnI23pPapzw2hWxqnwlLQOz+YsWht4Q1aYEWOUn/OXzpF3yhqT/cdQJBOsFb0 zKJRW5XEiyX+q2J/tHvfcq+00WI8rgWqkQNm3kGHDbNhsFTNq28S3fKXqkacA8fTuQ yFeA41+JVqUDTZKqHhm2OuNSWQY5SO7diDdd1Jz4=
In-reply-to: <57ADDF8E.4020106@tramacci.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <86eg6g0yer.fsf@atlantis.meejah.ca> <867fbnvsj9.fsf@atlantis.meejah.ca> <57ADDF8E.4020106@tramacci.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Dear Liste, concerned Tor relay operators, TCP abolitionists and so called network forensics experts,


We already have several tools that can detect various types of TCP injection attacks; for instance:
https://github.com/david415/HoneyBadger


For fun I'll write some TCP inference exploits as described in that most excellent paper
so everyone can enjoy blind TCP injection attacks. I'll be sure to post my results here later...
unless i get completely distracted by yet another software development project.

meow >.< 

David

On Fri, Aug 12, 2016 at 04:39:10PM +0200, Liste wrote:
> 
> https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijacking/119804/
> 
> … The vulnerable TCP implementation (CVE-2016-5696) could affect an
> untold number of devices running Linux, including embedded computers,
> mobile phones and more. …
> 
> … Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote. …
> 
> 
> ...Systems Allows Traffic Hijacking https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak

> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] txtorcon 0.15.1
  - From: meejah
- [tor-dev] FWD: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
  - From: Liste

Prev by Author: Re: [tor-dev] txtorcon 0.15.1
Next by Author: [tor-dev] Not enabling IPv6 on check.torproject.org?
Previous by thread: [tor-dev] FWD: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
Next by thread: Re: [tor-dev] txtorcon 0.15.1
Index(es):
- Author
- Thread