
Re: [tor-talk] Systematically finding bad relays (was: Anecdotical experience of SSH MITM)

On Wed, Jul 19, 2017 at 04:39:41PM -0500, eric gisse wrote:
> Looking at the exitmap source, as I was curious what modules
> existed... the problem I see is that it does not have modules that are
> capable of the more difficult to pull off things like SSH honeypot
> detection.

The Tor Project maintains a second repository with more modules.
Unfortunately this repository is private because we are in an uphill
battle that is already difficult -- without our adversaries being able
to see what we scan for.  Here's some more information on that:

> The idea is solid but the implementation has to keep up with the
> times. Specific attack vectors like
> CVE-2014-3566 (or any other sort of TLS/SSL downgrade attack) need to
> be tested for, and all that. Which makes the "inverse-metasploit"
> notion all the more compelling.

Modules for that would be great.  If only there were more volunteers
working on these issues!

> Other things come to mind like testing for binary patching (eg, ninja
> exe patching).

The module "patchingCheck" (in src/modules/) does this for an executable
that's hosted on live.sysinternals.com.  Or were you thinking of
something else?