[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Filtering out attacks?



On 5/17/05, alexyz@xxxxxxxxxx <alexyz@xxxxxxxxxx> wrote:
> I wasn´t really thinking of high level filtering such as IP filtering or content filtering but more
> on (invalid) packet header filtering. For example, deliberate use of bad checksums, unusual
> TCP flags or IP options, invalid sequence numbers, spoofed addresses, duplicate TCP
> packets with differing payloads, packets with short TTLs that expire between targets, and so
> on. Yes, this would break the connection after the node had negotiated with the client but
> you can argue that the packets were invalid in the first place and should not be sent at all.

None of this is possible. Tor is transporting TCP streams of data,
thus the streams are reconstituted at each hop. For an attacker to
control seq numbers, TTLs and the like Tor would have to transport
specific IP datagrams. It does not.


AGL

-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60