[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Is this a practical vulnerability?
On 19/10/2012 15:40, Lee Whitney wrote:
There are actually two possible explanations for what you saw:
1) Tor was compromised
If it was compromised then why would they have hacked the web server in
that manner and with such inaccuracy?
2) Your IP was discovered
Well, as I said, I tested the web pages for leakage. There was none.
Maybe the test request you made logged your IP and then it could be
anywhere. Also as you know people are constantly scanning subnets for
servers.
I don't discount government snooping, it just seems a little crude for
them to be tripping alarm bells on a small unknown target.
Perhaps they though I'd have no firewall and no logs.
Yes there are scanners, these were already blocked, but the web server
only went on-line the day the hidden service went in and it went
off-line 48 hrs later.
I never saw another such attack, neither before or after that. The
attacks stopped just a few days after I shut the service down.
When you consider that Tor hidden services could be used for all manner
of mil/intel purposes by any country with an internet connection and a
pc, then it begins to make sense. Its not JUST snooping on Joe public.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk