Why TOR Operators SHOULD always sniff their exit traffic...

Eugen Leitl eugen at leitl.org
Fri Jun 10 08:43:35 UTC 2005


On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:
> On Wednesday 08 June 2005 21:51, tor wrote:
> > Of particular interest is the increasing
> > sophistication of automated worm-based attacks. He cites the
> > developing W32.spybot.KEG
> > worm -- once inside a network it scans for several
> > vulnerabilities and reports its findings via IRC. 
> 
> And Sober variants routinely use JAP to fetch updates.

There no reason for a worm to not use a P2P onion network for control
traffic, and unblockable software updates. Sooner or later it's bound to
happen.

A Tor worm in China would actually be a good thing.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050610/8bcf6f98/attachment.pgp>


More information about the tor-talk mailing list