[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [OT] shocking incident in software incident (Bob)





Ayesa, thanks for your advise. I have come to know from this incident from a source and I am sorry for those employees. I shared the information with [OT] tag to support the cause. I agree with you, they need job first.

thanks


On Monday 30 November 2015 02:20 PM, Ayase wrote:
  Bob, with respect, stop. Have you ever considered the reason why they're closing down and not paying anyone is because the company is absolutely broke? It's a very common occurrence in economics for a business to appear booming and fluid to the public, but have no money in actuality. Yeah, it sucks. No jobs and no warning is pretty shit, but sometimes this happens. The people should be instantly planning to look for another job and pursue action later, not pursue action now and then complain because their lawsuit fails and they're homeless.

Monday, November 30, 2015 12:00 PM UTC from tor-talk-request@xxxxxxxxxxxxxxxxxxxx:

Send tor-talk mailing list submissions to
tor-talk@xxxxxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
or, via email, send a message with subject or body 'help' to
tor-talk-request@xxxxxxxxxxxxxxxxxxxx

You can reach the person managing the list at
tor-talk-owner@xxxxxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-talk digest..."


Today's Topics:

    1. TOR and Obfsproxy packet size (Amin s)
    2. [OT] shocking incident in software incident (Bob)
    3. Re: TOR and Obfsproxy packet size (Justin)
    4. Re: [OT] shocking incident in software incident (Justin)
    5. Re: TOR and Obfsproxy packet size (Philipp Winter)
    6. Re: TOR and Obfsproxy packet size (Amin s)


----------------------------------------------------------------------

Message: 1
Date: Sun, 29 Nov 2015 18:35:12 +0330
From: Amin s < asgetlostman@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] TOR and Obfsproxy packet size
Message-ID:
< CAPrtOHP7CGRmrcsHNc7KtSA2Cm1NJ=Af1i5CMf7y=LN3H5q2_g@xxxxxxxxxxxxxx >
Content-Type: text/plain; charset=UTF-8

I have some questions about TOR and Obfsproxy packet size.

    1. TOR cell size is 512 bytes but most TOR packets have size of 586
    bytes [1].

My question is that why there is such difference in size (74 bytes
difference)?

    1. In my own testing, instead of TOR packets with size of 586 bytes,
    there are packets with size of 543 bytes in TOR traffic and packets with
    size of 565 bytes in Obfsproxy traffic.

My question here is that why doesn't TOR or Obfsproxy generate 586 bytes?
the size that reported in lots of papers like link [1] ?

    1. In my own testing on TOR traffic, from 9939 packets that were sent
    from client to server, there were 2648 packets with different sizes than
    543, like 126,1086,1629,4101,612 and so on.

If TOR cell size is fixed, then why are there packets with different sizes
than 543? (why don't all of the packets have the same 543 bytes in size?)

Relating to above question, there are lots of packets with size of 1460
bytes in backward direction (from server to client). So what happens to the
fixed cell size?


[1]  http://arxiv.org/pdf/1305.3199.pdf


------------------------------

Message: 2
Date: Sun, 29 Nov 2015 15:45:14 +0000
From: Bob < bobnlinux@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] [OT] shocking incident in software incident
Message-ID: < 565B1D8A.2040206@xxxxxxxxx >
Content-Type: text/plain; charset=utf-8; format=flowed

Dear list,

A shocking incident in software industry has been reveled recently. I'm
sharing it here so that more people can support the cause.

    https://www.change.org/p/andi-puehringer-netzrezepte-de-netzrezepte-technologies-pvt-ltd-clear-pending-salaries-and-compensate-for-our-job-loss




------------------------------

Message: 3
Date: Sun, 29 Nov 2015 16:18:03 -0600
From: Justin < davisjustin002@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR and Obfsproxy packet size
Message-ID: < E2BB6230-FAB6-4349-8FBD-A46E5DA7E597@xxxxxxxxx >
Content-Type: text/plain; charset=utf-8

Hello,
I?m not sure what the answer to your question about regular Tor is.  When it comes to Obfsproxy changing the 586 byte size, it?s to evade filters that use that to help block Tor.  The other packet length fluctuations would indicate that Obfsproxy makes the sizes of packets different so that it?s very difficult for a Deep packet inspection unit to fingerprint packet size and block Tor.

On Nov 29, 2015, at 9:05 AM, Amin s < asgetlostman@xxxxxxxxx > wrote:

I have some questions about TOR and Obfsproxy packet size.

   1. TOR cell size is 512 bytes but most TOR packets have size of 586
   bytes [1].

My question is that why there is such difference in size (74 bytes
difference)?

   1. In my own testing, instead of TOR packets with size of 586 bytes,
   there are packets with size of 543 bytes in TOR traffic and packets with
   size of 565 bytes in Obfsproxy traffic.

My question here is that why doesn't TOR or Obfsproxy generate 586 bytes?
the size that reported in lots of papers like link [1] ?

   1. In my own testing on TOR traffic, from 9939 packets that were sent
   from client to server, there were 2648 packets with different sizes than
   543, like 126,1086,1629,4101,612 and so on.

If TOR cell size is fixed, then why are there packets with different sizes
than 543? (why don't all of the packets have the same 543 bytes in size?)

Relating to above question, there are lots of packets with size of 1460
bytes in backward direction (from server to client). So what happens to the
fixed cell size?


[1]  http://arxiv.org/pdf/1305.3199.pdf
--
tor-talk mailing list -  tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


------------------------------

Message: 4
Date: Sun, 29 Nov 2015 16:24:01 -0600
From: Justin < davisjustin002@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [OT] shocking incident in software incident
Message-ID: < 4D064E39-39B6-4138-8ABF-695352E9F98E@xxxxxxxxx >
Content-Type: text/plain; charset=utf-8

Ok?  I?m just going to say that the article has nothing to do with Tor.

On Nov 29, 2015, at 9:45 AM, Bob < bobnlinux@xxxxxxxxx > wrote:

Dear list,

A shocking incident in software industry has been reveled recently. I'm sharing it here so that more people can support the cause.

  https://www.change.org/p/andi-puehringer-netzrezepte-de-netzrezepte-technologies-pvt-ltd-clear-pending-salaries-and-compensate-for-our-job-loss


--
tor-talk mailing list -  tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


------------------------------

Message: 5
Date: Sun, 29 Nov 2015 19:31:52 -0500
From: Philipp Winter < phw@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR and Obfsproxy packet size
Message-ID: < 20151130003152.GE3146@xxxxxxxxx >
Content-Type: text/plain; charset=us-ascii

On Sun, Nov 29, 2015 at 06:35:12PM +0330, Amin s wrote:
    1. TOR cell size is 512 bytes but most TOR packets have size of 586
    bytes [1].

My question is that why there is such difference in size (74 bytes
difference)?
The difference is caused by the protocol headers that are wrapped around
Tor cells; IP, TCP, and TLS.

    1. In my own testing, instead of TOR packets with size of 586 bytes,
    there are packets with size of 543 bytes in TOR traffic and packets with
    size of 565 bytes in Obfsproxy traffic.

My question here is that why doesn't TOR or Obfsproxy generate 586 bytes?
the size that reported in lots of papers like link [1] ?
How did you run your test?  543 sounds like the TCP segment length and
not like the length of the IP packet.

Also, obfsproxy is just a framework.  Which obfuscation protocol did you
run?  Obfs3?

    1. In my own testing on TOR traffic, from 9939 packets that were sent
    from client to server, there were 2648 packets with different sizes than
    543, like 126,1086,1629,4101,612 and so on.

If TOR cell size is fixed, then why are there packets with different sizes
than 543? (why don't all of the packets have the same 543 bytes in size?)
First, Tor has static-length and variable-length cells, so it's not
entirely fixed.  Second, what actually ends up on the wire isn't only up
to the tor client.  It depends on TCP, which tries to fill the link MTU
if there's enough data in the send buffer.

[1]  http://arxiv.org/pdf/1305.3199.pdf
You should read the peer-reviewed version of this paper instead:
< http://www.cs.kau.se/philwint/pdf/wpes2013.pdf >

Cheers,
Philipp


------------------------------

Message: 6
Date: Mon, 30 Nov 2015 15:00:35 +0330
From: Amin s < asgetlostman@xxxxxxxxx >
To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR and Obfsproxy packet size
Message-ID:
< CAPrtOHPkFMqijanYuO0MHC7nbMKNYKwBfxXEaSYmaYBQ+rrhSw@xxxxxxxxxxxxxx >
Content-Type: text/plain; charset=UTF-8

Hi Philipp,

The difference is caused by the protocol headers that are wrapped around
Tor cells;
IP, TCP, and TLS.
How many bytes does TLS take?
if we say TOR cell is 512 bytes, then 512 + 20 (TCP) + 20 (IP) = 552 and
586 - 552 = 34 bytes for TLS. is it correct?

How did you run your test?  543 sounds like the TCP segment length and
not like the length of the IP packet.
Also, obfsproxy is just a framework.  Which obfuscation protocol did you
run?  Obfs3?
I used Obfs3.
I am using wireshark . i get the same packet size when using tcpdump. In
wireshark there are 5 layers. Application,Transport,IP,Ethernet and
physical layer. (in regular TOR) for the application layer it shows 543
bytes (probably TLS is included).
Overall packet size (including all layers) is 597 bytes [543 + 20 (TCP) +
20 (IP) + 14 (Ethernet) = 597 bytes].

According to what you said at first, if 586 bytes is for (cell + TLS + TCP
+ IP), then in my case
(cell + TLS + TCP + IP) equals to 543 + 20 + 20 = 583 bytes. There is 3
bytes difference here. Why is it so?
How about Obfs3 traffic that wireshark (tcpdump) shows 565 bytes for the
application layer? [565 + 20 (TCP) + 20 (IP) = 605 bytes]

First, Tor has static-length and variable-length cells, so it's not
entirely fixed.  Second, what actually ends up on the wire isn't only up
to the tor client.  It depends on TCP, which tries to fill the link MTU
if there's enough data in the send buffer.
Do you know when TOR uses static-length cell and when variable-length cell?


------------------------------

Subject: Digest Footer

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


------------------------------

End of tor-talk Digest, Vol 58, Issue 53
****************************************



--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk