[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Why TOR Operators SHOULD always sniff their exit traffic...

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Why TOR Operators SHOULD always sniff their exit traffic...
From: tor <tor@xxxxxxxxxxxxxxx>
Date: Fri, 10 Jun 2005 02:28:20 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 10 Jun 2005 05:25:49 -0400
In-reply-to: <20050610084335.GW25947@leitl.org>
References: <20050608185712.43788.qmail@web26404.mail.ukl.yahoo.com> <42A742AB.1060807@algae-world.com> <42A74C28.6040307@algae-world.com> <200506100859.22666.kris@koehntopp.de> <20050610084335.GW25947@leitl.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)

Hi Eugene , I would say hard to intercept or trace under certain conditions rather than "unblockable" A tor carrying worm communicating via DNS tunneling might have considerable more success for the immediate future in penetrating "the Great FireWall of China"... although due to serialization concerns DNS/UDP is MUCH more suitable for first having a UDP/IP/TLS transport run over it first OpenVPN is what comes to mind and then anonymous circuits via tor/TCP could then be added. Its actually pretty neat/fast/cute on OC1 and faster networks . And it is a tremendous CPU hog as a server. plan for VIA Nehemiah? class processors with embedded AES crypto support and custom drivers for SSL/TLS possibly(ah the price of bleeding edge!!)

see "Black OPS of DNS" at Dan Kaminsky s site www.doxpara.org for details on DNS tunneling .(I have spammed this list too much tonite according to at least one person:).. Dan has ssh and audio transports working via perl code over DNS/UDP. He has given demos at Codecon and other places for the past year or so of this capability..(there were 2 earlier efforts I am aware of that went public)

a tor operator ps JAP was tapped on at least one occasion via court order, and I believe at one point there were plans to have JAP support at least tor client usage, did that ever happen?

Eugen Leitl wrote:

On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:

On Wednesday 08 June 2005 21:51, tor wrote:

Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC.

And Sober variants routinely use JAP to fetch updates.
There no reason for a worm to not use a P2P onion network for control
traffic, and unblockable software updates. Sooner or later it's bound to
happen.
A Tor worm in China would actually be a good thing.

References:
- Re: IRCNet abuse
  - From: Robert Mischke
- Re: IRCNet abuse
  - From: tor
- Why TOR Operators SHOULD always sniff their exit traffic...
  - From: tor
- Re: Why TOR Operators SHOULD always sniff their exit traffic...
  - From: Kristian Köhntopp
- Re: Why TOR Operators SHOULD always sniff their exit traffic...
  - From: Eugen Leitl

Prev by Author: call for OR-policy mailing list
Next by Author: Help-Linux-Newbe
Previous by thread: Re: Why TOR Operators SHOULD always sniff their exit traffic...
Next by thread: Re: IRCNet abuse
Index(es):
- Author
- Thread