[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: SANS Paper: Detecting Tor
I just read this article in the SANS reading room called "Detecting and Preventing Anonymous Proxy Usage"
From the article:
Wireshark's ability to reconstitute a TCP
stream was used to observe the content being sent and received. I
noticed a string that the client sends out each time it establishes a connection with Tor. The string is as follows: Tor1.0 U Client <identity>0
Can anyone speak to this?