Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: SponsorR tor-hs 025-backport
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Comment (by yawning):
Drawing from the PT bag of tricks...

5) Send back END_STREAM_REASON_DONE as if the application closed the
connection, optionally after either a certain amount of time has passed or
a certain amount of data has been received from the peer. Once this
happens once, tag the circuit as "kind of sketch", and apply the same
policy for all new streams regardless of whether the destination port is
actually valid or not.

It makes debugging harder, but slows down scanning as much as 2 (though an
intelligent scanner would try common ports first), and it gives the bad
guys more work to do post-processing the results.

Not sure about the implications for "close the stream after a while" in
this context, parts of it scare me but it may be something that's less
scary if the parameters are set correctly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
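
The per-circuit policy proposed in the comment above, modeled as an added example (not code from the ticket or from Tor). The struct, enum and function names and the port list are hypothetical, and the optional time/data delay before the END is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the proposal; names are hypothetical, not Tor's. */
enum reply { REPLY_CONNECTED, REPLY_END_DONE };

struct circuit {
    bool sketchy; /* set once a stream on this circuit hits an unconfigured port */
};

/* Constructed example: virtual ports the service actually exposes. */
static const unsigned short hs_ports[] = { 80, 443 };

static bool port_is_configured(unsigned short port)
{
    for (size_t i = 0; i < sizeof hs_ports / sizeof hs_ports[0]; i++)
        if (hs_ports[i] == port)
            return true;
    return false;
}

/* Decide the answer to a stream-open request for `port` on circuit `c`. */
enum reply handle_begin(struct circuit *c, unsigned short port)
{
    if (!c->sketchy && port_is_configured(port))
        return REPLY_CONNECTED;
    /* Invalid port, or circuit already tagged: answer as if the
     * application closed the stream (END_STREAM_REASON_DONE). */
    c->sketchy = true;
    return REPLY_END_DONE;
}

/* How many probed ports look open to a client using a single circuit. */
size_t visible_open_ports(const unsigned short *probes, size_t n)
{
    struct circuit c = { .sketchy = false };
    size_t open = 0;
    for (size_t i = 0; i < n; i++)
        if (handle_begin(&c, probes[i]) == REPLY_CONNECTED)
            open++;
    return open;
}

int main(void)
{
    const unsigned short low_first[] = { 22, 80, 443 };    /* hits an invalid port first */
    const unsigned short common_first[] = { 80, 443, 22 }; /* the caveat from the comment */
    printf("%zu %zu\n", visible_open_ports(low_first, 3), visible_open_ports(common_first, 3));
    return 0;
}
```

A client that probes an unconfigured port first sees nothing open on that circuit afterwards, while one that tries the common ports first still learns them, which is the limitation the comment notes.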