Why TOR Operators SHOULD always sniff their exit traffic...
tor
tor at algae-world.com
Fri Jun 10 09:28:20 UTC 2005
Hi Eugene ,
I would say hard to intercept or trace under certain conditions
rather than "unblockable"
A tor carrying worm communicating via DNS tunneling might have
considerable more success for the immediate future
in penetrating "the Great FireWall of China"... although due to
serialization concerns DNS/UDP is MUCH more suitable for first having a
UDP/IP/TLS transport run over it first OpenVPN is what comes to mind and
then anonymous circuits via tor/TCP could then be added. Its actually
pretty neat/fast/cute on OC1 and faster networks . And it is a
tremendous CPU hog as a server. plan for VIA Nehemiah? class processors
with embedded AES crypto support and custom drivers for SSL/TLS
possibly(ah the price of bleeding edge!!)
see "Black OPS of DNS" at Dan Kaminsky s site www.doxpara.org for
details on DNS tunneling .(I have spammed this list too much tonite
according to at least one person:).. Dan has ssh and audio transports
working via perl code over DNS/UDP. He has given demos at Codecon and
other places for the past year or so of this capability..(there were 2
earlier efforts I am aware of that went public)
a tor operator
ps JAP was tapped on at least one occasion via court order, and I
believe at one point there were plans to have JAP support at least tor
client usage, did that ever happen?
Eugen Leitl wrote:
>On Fri, Jun 10, 2005 at 08:59:21AM +0200, Kristian K?hntopp wrote:
>
>
>>On Wednesday 08 June 2005 21:51, tor wrote:
>>
>>
>>>Of particular interest is the increasing
>>>sophistication of automated worm-based attacks. He cites the
>>>developing W32.spybot.KEG
>>>worm -- once inside a network it scans for several
>>>vulnerabilities and reports its findings via IRC.
>>>
>>>
>>And Sober variants routinely use JAP to fetch updates.
>>
>>
>
>There no reason for a worm to not use a P2P onion network for control
>traffic, and unblockable software updates. Sooner or later it's bound to
>happen.
>
>A Tor worm in China would actually be a good thing.
>
>
>
More information about the tor-talk
mailing list