[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SANS Paper: Detecting Tor

I just read this article in the SANS reading room called "Detecting and Preventing Anonymous Proxy Usage"


From the article:
Wireshark's ability to reconstitute a TCP stream was used to observe the content being sent and received. I noticed a string that the client sends out each time it establishes a connection with Tor.  The string is as follows: Tor1.0 U Client <identity>0

Can anyone speak to this?