[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Filtering out attacks?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Filtering out attacks?
From: Adam Langley <alangley@xxxxxxxxx>
Date: Tue, 17 May 2005 22:11:47 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 17 May 2005 17:11:59 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lsxdHAOc92JyTg//n6237cLBD0udjZzJTuCdpT1pZIYjeLLwpWcQ8lpWoJvUuPTn+F0vVoSWmX9E7KsKfiZotYxYwrpVGnxsg6l2eeHvVX1IaSpZJCSUmGy17JXvdFRMCypb1I6cWUmFcKPiFlQ66hJ9GCNy7upSU7vDbastgzc=
In-reply-to: <428A32C1.13638.3D4657@localhost>
References: <4289BE84.27732.2F72733@localhost> <396556a2050517085913cc2f@mail.gmail.com> <428A32C1.13638.3D4657@localhost>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 5/17/05, alexyz@xxxxxxxxxx <alexyz@xxxxxxxxxx> wrote:
> I wasn´t really thinking of high level filtering such as IP filtering or content filtering but more
> on (invalid) packet header filtering. For example, deliberate use of bad checksums, unusual
> TCP flags or IP options, invalid sequence numbers, spoofed addresses, duplicate TCP
> packets with differing payloads, packets with short TTLs that expire between targets, and so
> on. Yes, this would break the connection after the node had negotiated with the client but
> you can argue that the packets were invalid in the first place and should not be sent at all.

None of this is possible. Tor is transporting TCP streams of data,
thus the streams are reconstituted at each hop. For an attacker to
control seq numbers, TTLs and the like Tor would have to transport
specific IP datagrams. It does not.


AGL

-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60

References:
- Re: Filtering out attacks?
  - From: alexyz
- Re: Filtering out attacks?
  - From: Adam Langley
- Re: Filtering out attacks?
  - From: alexyz

Prev by Author: Re: Filtering out attacks?
Next by Author: Re: PuTTY-
Previous by thread: Re: Filtering out attacks?
Next by thread: Tor 0.1.0.7-rc is out
Index(es):
- Author
- Thread