[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SANS Paper: Detecting Tor



I just read this article in the SANS reading room called "Detecting and Preventing Anonymous Proxy Usage"

http://www.sans.org/reading_room/whitepapers/detection/32943.php

From the article:
Wireshark's ability to reconstitute a TCP stream was used to observe the content being sent and received. I noticed a string that the client sends out each time it establishes a connection with Tor.  The string is as follows: Tor1.0 U Client <identity>0

Can anyone speak to this?