Why TOR Operators SHOULD always sniff their exit traffic...

tor tor at algae-world.com
Fri Jun 10 09:28:20 UTC 2005 

Hi Eugene ,
    I would say hard to intercept or trace under certain conditions 
rather than "unblockable"
   A tor carrying worm communicating via DNS tunneling might have 
considerable more success for the immediate future
   in penetrating "the Great FireWall of China"... although due to 
serialization concerns DNS/UDP is MUCH more suitable for first having a 
UDP/IP/TLS transport run over it first OpenVPN is what comes to mind and 
then anonymous circuits via tor/TCP could then be added. Its actually 
pretty neat/fast/cute on OC1 and faster networks . And it is a 
tremendous CPU hog as a server. plan for VIA Nehemiah? class processors 
with embedded AES crypto support and custom drivers for SSL/TLS 
possibly(ah the price of bleeding edge!!)

see "Black OPS of DNS" at Dan Kaminsky s site www.doxpara.org   for 
details on DNS tunneling .(I have spammed this list too much tonite 
according to at least one person:).. Dan has ssh and audio transports 
working via perl code over DNS/UDP. He has given demos at Codecon and 
other places for the past year or so of this capability..(there were 2 
earlier efforts I am aware of that went public)

      a tor operator
ps JAP was tapped on at least one occasion via court order, and I 
believe at one point there were plans to have JAP support at least tor 
client usage, did that ever happen?



Eugen Leitl wrote:

>On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:
>  
>
>>On Wednesday 08 June 2005 21:51, tor wrote:
>>    
>>
>>>Of particular interest is the increasing
>>>sophistication of automated worm-based attacks. He cites the
>>>developing W32.spybot.KEG
>>>worm -- once inside a network it scans for several
>>>vulnerabilities and reports its findings via IRC. 
>>>      
>>>
>>And Sober variants routinely use JAP to fetch updates.
>>    
>>
>
>There no reason for a worm to not use a P2P onion network for control
>traffic, and unblockable software updates. Sooner or later it's bound to
>happen.
>
>A Tor worm in China would actually be a good thing.
>
>  
>

More information about the tor-talk mailing list