[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: SANS Paper: Detecting Tor
On Sun, Nov 09, 2008 at 09:58:22PM -0500, Roc Admin wrote:
> I just read this article in the SANS reading room called "Detecting and
> Preventing Anonymous Proxy Usage"
> From the article:
> Wireshark's ability to reconstitute a TCP stream was used to observe the
> content being sent and received. I noticed a string that the client sends
> out each time it establishes a connection with Tor. The string is as
> follows: Tor1.0 U Client <identity>0
> Can anyone speak to this?
I suspect it refers to the old 0.1.2.x versions of Tor, back when we
wrote deterministic strings in our TLS certificates.
Tor 0.2.0.x and later don't do that.