[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is this a practical vulnerability?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Is this a practical vulnerability?
From: somepony <somepony@xxxxxxxxxxxxx>
Date: Fri, 19 Oct 2012 09:01:39 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 19 Oct 2012 11:01:08 -0400
In-reply-to: <50812A9E.4040606@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CCA62F5F.2E3F6%lee@xxxxxxxxxxxxxxx> <50812A9E.4040606@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Postbox Express 1.0.1 (Windows/20100705)

My question is, if you NEVER requested the 1 web page in the firstplace, would you have experienced the same attack? I mean if I werelooking for new live Tor services I would probably periodically justroll through unknown IPs and check for a live node (or something) as onelayer of attack. No live node, move on. Live node not alreadydiscovered? The fact that the node responds (in some manner I'm lookingfor) is enough information, it's possible I don't even care that it hasanything to do with Tor.

Just a thought, it should be clear I have no idea what I'm talkingabout. e.g. I don't know what your middleman server not getting attackedindicates.


Anon Mus wrote:

Within 24hrs of making that Tor hidden service live I could see, in myfirewall logs, hundreds of repeated attempts trying to hack my server,directly from the internet, not via my hidden Tot service.

[...]

Now bearing in mind that I had only EVER requested 1 web page (a blanktest page - requested about 4 times) from my own Torrified web browser(out and back so to speak), and no OTHER (external)

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Is this a practical vulnerability?
  - From: Anon Mus

References:
- [tor-talk] Is this a practical vulnerability?
  - From: Lee Whitney
- Re: [tor-talk] Is this a practical vulnerability?
  - From: Anon Mus

Prev by Author: Re: [tor-talk] keep session for more than 10 minutes
Next by Author: Re: [tor-talk] TorBirdy doesn't work with Gmail?
Previous by thread: Re: [tor-talk] Is this a practical vulnerability?
Next by thread: Re: [tor-talk] Is this a practical vulnerability?
Index(es):
- Author
- Thread