Re: [tor-talk] MITM attack on TLS



Hello,
You would be correct normally, but at school, I know the IT guy very well.  I have calculated that he is probably too lazy to check his logs.  He usually doesn't check things out until someone tells him that a problem is occurring.  Even if Meek-Google is broken, I got more information from him that would indicate that he probably won't MITM Meek-Amazon or Azure.  If it does become dangerous, I will switch to one of those.
> On Nov 21, 2015, at 4:36 PM, mick <mbm@xxxxxxxxxx> wrote:
> 
> On Sat, 21 Nov 2015 16:56:12 -0500
> Allen <allenpmd@xxxxxxxxx> allegedly wrote:
> 
>>> 
>>>> SSH is probably more dangerous than OBFS4 because it could be
>>>> detected
>>> with a DPI fingerprint.  They might question that.  I think Tor with
>>> transports is good.
>>> 
>>> On that paranoia level OBFS4 is as dangerous as SSH - it doesn't
>>> matter if they see traffic they can fingerprint as ssh or they see
>>> traffic they cannot fingerprint. They get suspicious in both cases.
>>> 
>>> 
>> Personally, I would think SSH is much safer.  It is used by IT people
>> all the time for server management, so they will understand it.  The
>> destination address will be a cloud server, which you can simply say
>> you are using for a personal project.  OBFS4 on the other hand is not
>> normally used by IT people--it is used to get around IT people.  They
>> will immediately be very suspicious if they are able to figure out the
>> protocol.  And the destination IP address is who-knows-what, which
>> could by itself raise questions and might even lead them to think a
>> computer on their network could be infected with a virus that needs
>> immediate investigation.  In the end, a protocol they know and
>> understand and use in their own work will be much less threatening to
>> them than something they don't.
> 
> To the OP (and others who may wish to try something similar) my strong
> advice is "don't, just don't". I've been a network admin and sysadmin
> on corporate systems. Unauthorised traffic on such a network /will/
> attract attention, /will/ piss off the admins and almost /certainly
> will/ result in disciplinary action including and up to summary
> dismissal depending upon the terms of your contract.
> 
> Mick
> 
> ---------------------------------------------------------------------
> 
> Mick Morgan
> gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
> http://baldric.net
> 
> ---------------------------------------------------------------------
> 
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk