Hi all,

I'm sorry that there are some false positives. I did previously test against a FreeBSD Tor relay and presumed NetBSD would have a similar result.

Thanks for looking closely at this, Ivan. It sounds like the scanner needs to be fixed. I'll try to test with a NetBSD host soon.

Cheers!

David

On Thu, Nov 17, 2016 at 07:46:00PM +0000, Ivan Markin wrote:
> Hi David,
>
> Thanks for your work!
>
> dawuud:
> > I added the scan output to the repo, this includes the output csv file
> > and a list of vulnerable relays:
> >
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/probe_out.csv
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/vulnerable_tor_relays
>
> FYI, I produced results with platform strings and fingerprints based on
> this data [1].
>
> It's pretty interesting that not only Linux relays are
> 'vulnerable' (90 < ChACKs < 220) in David's scan:
> % cat combined_results.csv | grep -v notvulnerable | grep -v Linux | grep Tor
>
> Tor 0.2.8.9 on NetBSD,3F5440FF003DFF8A12AA308CFD4087FBC157ABE0,78.47.45.36:9001,1.08132791519,500,142,vulnerable
> Tor 0.2.5.10 on NetBSD,508004552343E5374B6570C76E9239AA23310684,86.62.117.171:63500,1.00646305084,500,103,vulnerable
> Tor 0.2.8.9 on NetBSD,8806C3E6FA42B07113F3A1553DE70C0A30101201,139.18.25.35:9001,1.02995896339,500,113,vulnerable
> Tor 0.2.7.6 on FreeBSD,9C5461498004325F87C0685BDA5DA99AC5335314,62.194.144.196:9001,1.06730103493,500,211,vulnerable
> Tor 0.2.8.9 on FreeBSD,BCFE548EA3FF8A0B3610779C238350124A8ED6DE,207.172.209.83:9001,1.06568193436,500,214,vulnerable
> Tor 0.2.7.6 on NetBSD,F88C4D522EE7BD8B18B6C6418B8548E6E6BC74E9,195.43.138.226:9001,0.994502782822,500,100,vulnerable
>
> After I rescanned these relays myself several times, the FreeBSD ones
> stopped being 'vulnerable' while the NetBSD ones somehow still reproduce
> the 'vulnerable' Linux status.
>
> I don't know why this happens; maybe someone can scan these relays
> (or maybe all NetBSD ones due to TCP stack specifics) themselves and get
> different results. Anyway, these are just curious false positives.
>
> [1]
> https://github.com/nogoegst/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/combined_results.csv
>
> --
> Ivan Markin
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
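An added example, not part of the original messages or of the scanner's own code: the grep triage from the thread extended to several rescans, so that non-Linux relays landing in the 90 < ChACKs < 220 window are separated into results that reproduce on every scan and results that do not. The column layout is an assumption inferred from the quoted rows, the function names are hypothetical, and the sample rows are constructed (placeholder fingerprints, documentation-range addresses).

```python
import csv
import io
from collections import defaultdict

# Column layout is an assumption inferred from the rows quoted in the thread.
FIELDS = ["platform", "fingerprint", "address", "duration", "probes", "chacks", "verdict"]
LOW, HIGH = 90, 220  # window quoted in the thread: 90 < ChACKs < 220

# Constructed sample scans: placeholder fingerprints, documentation-range addresses.
SCAN_1 = """\
Tor 0.2.8.9 on NetBSD,FP-NETBSD,192.0.2.10:9001,1.08,500,142,vulnerable
Tor 0.2.7.6 on FreeBSD,FP-FREEBSD,192.0.2.20:9001,1.06,500,211,vulnerable
Tor 0.2.8.9 on Linux,FP-LINUX,192.0.2.30:9001,1.02,500,100,vulnerable
Tor 0.2.8.9 on OpenBSD,FP-OPENBSD,192.0.2.40:9001,1.01,500,500,notvulnerable
"""
SCAN_2 = """\
Tor 0.2.8.9 on NetBSD,FP-NETBSD,192.0.2.10:9001,1.03,500,113,vulnerable
Tor 0.2.7.6 on FreeBSD,FP-FREEBSD,192.0.2.20:9001,1.05,500,500,notvulnerable
Tor 0.2.8.9 on Linux,FP-LINUX,192.0.2.30:9001,1.00,500,101,vulnerable
"""

def parse_scan(text):
    """Parse one scan's CSV text, skipping rows that do not match the layout."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(FIELDS) or not rec[5].strip().isdigit():
            continue
        row = dict(zip(FIELDS, (field.strip() for field in rec)))
        row["chacks"] = int(row["chacks"])
        row["os"] = row["platform"].rpartition(" on ")[2]  # "Tor x.y on NetBSD" -> "NetBSD"
        rows.append(row)
    return rows

def triage(scans):
    """Map fingerprint -> (os, hits, total) for non-Linux relays seen in the window."""
    seen = defaultdict(lambda: [None, 0, 0])
    for scan in scans:
        for row in scan:
            entry = seen[row["fingerprint"]]
            entry[0] = row["os"]
            entry[1] += LOW < row["chacks"] < HIGH  # bool counts as 0 or 1
            entry[2] += 1
    return {fp: tuple(e) for fp, e in seen.items() if e[0] != "Linux" and e[1]}

def label(hits, total):
    """'reproducible' if every scan landed in the window, else 'intermittent'."""
    return "reproducible" if hits == total else "intermittent"

if __name__ == "__main__":
    for fp, (os_name, hits, total) in triage([parse_scan(SCAN_1), parse_scan(SCAN_2)]).items():
        print(fp, os_name, f"{hits}/{total}", label(hits, total))
```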