On 13 August 2014 07:47, George Kadianakis desnacked@riseup.net wrote:
> The fundamental issue here is that Tor does not have a primitive that detects whether the network is up or down, since any such primitive stands out to a network attacker [3].
I'm not certain this is true. Windows and Mac OS detect whether or not there is a Captive Portal/Internet connection. While one can argue this is bad practice, piggybacking on a detection mechanism used by default in widely deployed OS's seems like it would not stand out.
Windows has IsInternetConnected [0] which uses NCSI [1].
I know less about Mac, but there is SCNetworkReachability [2]. Apparently the (undocumented) way that Apple uses to detect captive portals is [3].
It's not very clean to emulate a request instead of using an API, if it came down to it. But while it may seem dangerous to emulate a request that can change in an OS patch... the reality of it is that as long as you pay attention to the patches, you'd be able to deploy a fix long before a non-negligible portion of people patched anyway.
-tom
[0] http://msdn.microsoft.com/en-us/library/windows/desktop/aa366143(v=vs.85).as...
[1] http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
[2] https://developer.apple.com/library/mac/documentation/SystemConfiguration/Re...
[3] http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html#.U-y2KYBd...