[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] network scan results for CVE-2016-5696 / rfc 5961



Hi David,

Thanks for your work!

dawuud:
> I added the scan output to the repo, this includes the output csv file
> and a list of vulnerable relays:
> 
> https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/probe_out.csv
> https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/vulnerable_tor_relays

FYI, I produced results with platform strings and fingerprints based on
this data [1].

It's pretty interesting that there are not only Linux relays are
'vulnerable' (90 < ChACKs < 220) in David's scan:
% cat combined_results.csv | grep -v notvulnerable | grep -v Linux |
grep Tor

Tor 0.2.8.9 on
NetBSD,3F5440FF003DFF8A12AA308CFD4087FBC157ABE0,78.47.45.36:9001,1.08132791519,500,142,vulnerable
Tor 0.2.5.10 on
NetBSD,508004552343E5374B6570C76E9239AA23310684,86.62.117.171:63500,1.00646305084,500,103,vulnerable
Tor 0.2.8.9 on
NetBSD,8806C3E6FA42B07113F3A1553DE70C0A30101201,139.18.25.35:9001,1.02995896339,500,113,vulnerable
Tor 0.2.7.6 on
FreeBSD,9C5461498004325F87C0685BDA5DA99AC5335314,62.194.144.196:9001,1.06730103493,500,211,vulnerable
Tor 0.2.8.9 on
FreeBSD,BCFE548EA3FF8A0B3610779C238350124A8ED6DE,207.172.209.83:9001,1.06568193436,500,214,vulnerable
Tor 0.2.7.6 on
NetBSD,F88C4D522EE7BD8B18B6C6418B8548E6E6BC74E9,195.43.138.226:9001,0.994502782822,500,100,vulnerable

After I've rescanned these relays myself for several times, FreeBSD ones
stopped being 'vulnereable' while NetBSD ones somehow still reproduce
'vulnerable' Linux status.

I don't know why does this happen, maybe someone can scan these relays
(or maybe all NetBSD ones due to TCP stack specifics) themselves and get
different results. Anyway these are just curious false positives.

[1]
https://github.com/nogoegst/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/combined_results.csv

--
Ivan Markin
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays