[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: client bug in 0.2.2.7-alpha and a new bad exit: exoassist



     On Mon, 1 Feb 2010 09:49:00 -0500 Flamsmark <flamsmark@xxxxxxxxx>
wrote:
>On 31 January 2010 23:36, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>
>> I don't see it as being useful for attack if the user
>> only uses it to test for bad exits.
>
>
>I was under the impression that the attack risk came from the possibility
>that a malicious site would link to an evil-node.exit under their control
>(perhaps in an embedded iframe), thus reducing the effective number of hops
>by one, which is a Bad Thing TM.
>
     I'm not following what you're saying.  Route selection is under the
control of the client, as is the actual construction of the circuit.  The
client confirms that it is communicating with the chosen node by verifying
its key at the time each node is added to the circuit.  The .exit notation
is simply used to tell the client which exit to use at the end of a circuit.
I thought that the "attack" would simply be to recognize the destination
IP addresses for exit requests at a particular exit as being characteristic
of some particular client in attempting to build a profile of that client
in the hope of later recognizing the same client using that exit.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/