[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

SANS Paper: Detecting Tor

To: or-talk@xxxxxxxxxxxxx
Subject: SANS Paper: Detecting Tor
From: "Roc Admin" <onionroutor@xxxxxxxxx>
Date: Sun, 9 Nov 2008 21:54:53 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 09 Nov 2008 21:55:00 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=qVtdjr9KkZWShuGLms9Wvb6c8LKR5F+2mU4RSEwX/fg=; b=s2Xcswg66LkCaojWCk8QGsO2vfMZc6TVPgRLv9tu51I2MvcFEBUZuGmDXmnqb3o5Ib qSqnyHvXEfl2i2ixdJ0zcwX+13/WvWOuKTc/5f9zSWDaYHMlG1qnbegz2yH5L+WJjlYg pckJ1A9IveMN3Tj/gj7JZQm+zSi1+dofu/44U=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=qXV7CJWpQ9EIPm7O2+uz8EBFwesSUcfIfPSX1GomUVas35p+V9UZ9Wr/KFdOXzevos bdS4dbgJsVjjCY4MdO6mRG2kNezBq2rsZfmvsRKrSKsk22DsPEuMiMLmY9WGQvL8uXH5 U7JunknqmCE4KsOFJagr2AJmHn1wudwys21fM=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

I just read this article in the SANS reading room called "Detecting and Preventing Anonymous Proxy Usage"

http://www.sans.org/reading_room/whitepapers/detection/32943.php

From the article:
Wireshark's ability to reconstitute a TCP stream was used to observe the content being sent and received. I noticed a string that the client sends out each time it establishes

Follow-Ups:
- Re: SANS Paper: Detecting Tor
  - From: Nick Mathewson
- Re: SANS Paper: Detecting Tor
  - From: Roc Admin

Prev by Author: Re: Limiting hops
Next by Author: Re: SANS Paper: Detecting Tor
Previous by thread: Re: Kudos on memory usage in 0.2.X
Next by thread: Re: SANS Paper: Detecting Tor
Index(es):
- Author
- Thread