[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Systematically finding bad relays (was: Anecdotical experience of SSH MITM)
Ooooooh, fascinating.
The academic paper is interesting and covers the high points of the
type of things you would want to look for. And some things you
wouldn't think that you should, like connection sampling rather than
binary "is sniffing" / "is not sniffing". (ha ha, n^2 fuckup)
Looking at the exitmap source, as I was curious what modules
existed....the problem I see is that it does not have modules that are
capable of the more difficult to pull off things like SSH honeypot
detection.
Should have called the damn thing "inverse-metasploit".
The idea is solid but the implementation has to keep up with the
times. Specific attack vectors like
CVE-2014-3566 (or any other sort of TLS/SSL downgrade attack) need to
be tested for, and all that. Which makes the "inverse-metasploit"
notion all the more compelling.
Other things come to mind like testing for binary patching (eg, ninja
exe patching).
Some of these things are easier to detect than others.
I'm going to put a pin in this and think about it.
On Wed, Jul 19, 2017 at 3:02 PM, Philipp Winter <phw@xxxxxxxxx> wrote:
> On Wed, Jul 19, 2017 at 01:43:32PM -0500, eric gisse wrote:
>> Is there any notion of doing a sort of automated testing for things
>> like this that can be easily proven?
>
> Yes, the blog post I linked to contains some more information. We are
> using tools such as exitmap [1] to systematically scan the network for
> attacks such as DNS poisoning, SSL stripping, HTTPS MitM, and XMPP MitM,
> just to name a few. We are always looking for more ideas on what to
> scan for, so let us know if you have any!
>
> [1] <https://gitweb.torproject.org/user/phw/exitmap.git/>
> <https://nymity.ch/pdf/winter2014b.pdf>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk