[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SANS Paper: Detecting Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: SANS Paper: Detecting Tor
From: "Roc Admin" <onionroutor@xxxxxxxxx>
Date: Sun, 9 Nov 2008 21:58:22 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 09 Nov 2008 21:58:28 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=dDMtPlt942J448YsO1AImK0Psp6oALRiHZ0s2zGQ0Ag=; b=wai6499Af47AleYLNp4G+zrBCd06wD4gqfISKmFDIiPtX6RZhTGaVJD/U1CMarYl3n mUyrPy5ZbBbxJ7/+8bNxY9n4mWR08c5X+hLUGY3Pgadchjbm1bfJrcx7bDd2VzUIURQc tz2V0p06lkSOwjATDxBlK5V2YfaMWaTI5Q+i0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=vSr1uacDL9xfGwbhuYdKAgdvuAst+Ko6OUUUSAl9zxA5ivAiujDqOD0yq36xDXk0nY BLkh5gnCG/KMx04flsGxfRowA8x94i2KpZ8C2BOUhN1Dqd5LNujEk7Ms4GQULgs9Xmwc zcMyal+nCLyLsBGg44jsAoUwHclE/6YKuNdg4=
In-reply-to: <50e60b790811091854x4abbb87ance4743d27580876d@xxxxxxxxxxxxxx>
References: <50e60b790811091854x4abbb87ance4743d27580876d@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

I just read this article in the SANS reading room called "Detecting and Preventing Anonymous Proxy Usage"

http://www.sans.org/reading_room/whitepapers/detection/32943.php

From the article:
Wireshark's ability to reconstitute a TCP stream was used to observe the content being sent and received. I noticed a string that the client sends out each time it establishes a connection with Tor. The string is as follows: Tor1.0 U Client <identity>0

Can anyone speak to this?

Follow-Ups:
- Re: SANS Paper: Detecting Tor
  - From: Roger Dingledine

References:
- SANS Paper: Detecting Tor
  - From: Roc Admin

Prev by Author: SANS Paper: Detecting Tor
Next by Author: Re: Tor From SVN on Weelky Basis
Previous by thread: SANS Paper: Detecting Tor
Next by thread: Re: SANS Paper: Detecting Tor
Index(es):
- Author
- Thread