[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Interestingly enough...



well, on one hand, using tor is a sign of distrust towards server privacy policies and the local police subpoena and warrant policies. which is probably not unwarranted. the internet server fraternity is new to having users who can cloak their identity, so naturally like most human responses to new stimuli are wary.

i personally think tor is a good thing because it will force the issue of strong authentication, because tor allows you to avoid origin-user mapping, but this sholud never be any sign of authenticity anyway because it can be easily subverted (trojans) and because users may be mobile and frequently change their point of origin.

On 11/7/06, Jan Reister <Jan.Reister@xxxxxxxx> wrote:
On 31/10/2006 03:53, Fergie wrote:
> I found it interesting that Cisco added this their most recent IDS
> signatures:

Bleedingsnort has the following signatures:

2001728 || BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic ||
url,tor.eff.org
2002950 || BLEEDING-EDGE POLICY TOR 1.0 Server Key Retrival ||
url,tor.eff.org
2002951 || BLEEDING-EDGE POLICY TOR 1.0 Status Update || url,tor.eff.org
2002952 || BLEEDING-EDGE POLICY TOR 1.0 Inbound Circuit Traffic ||
url,tor.eff.org
2002953 || BLEEDING-EDGE POLICY TOR 1.0 Outbound Circuit Traffic ||
url,tor.eff.org

see: http://www.bleedingthreats.net/bleeding-sid-msg-map.txt

Enterasys Dragon has a TOR:NEGOTIATION rule in the MISUSE category.

My two eurocent.

Jan