dawuud:
The Golang rewrite of the scanner is cool!
Thanks!
BTW, I'm surprised you wrote https://github.com/nogoegst/rough/blob/master/tcp.go instead of using https://github.com/google/gopacket
You shouldn't; rough is just a convenient wrapper on top of TCP-ish stuff from gopacket (it makes TCP hacks simpler).
Maybe you could also implement my Tor guard discovery attack that uses this vulnerability?
Why not. I just don't know what the attack is. Can you point me to it?
I've been asked to write a proof of concept but I don't feel motivated to do so. Also, there are some doubts about whether this guard discovery attack would be feasible on the real Tor network... though we could probably make it work in a test network.
Now that such a small percentage of the Tor network is vulnerable it's probably safe/responsible for me to post my theoretic Tor guard discovery attack, right?
Hmm, I *don't* think that 1/4 of the network is actually a small percentage... [I think we should somehow encourage vulnerable relays to update their kernels to lower the affected percentage below ~10-15%.] Also, you saying "guard discovery attack based on pure off-path TCP attack" makes this *slightly* obvious. So if someone actually got it, it's likely that they're already exploiting it.
-- Ivan Markin