Filtering out attacks?
Adam Langley
alangley at gmail.com
Tue May 17 21:11:47 UTC 2005
On 5/17/05, alexyz at uol.com.br <alexyz at uol.com.br> wrote:
> I wasn´t really thinking of high level filtering such as IP filtering or content filtering but more
> on (invalid) packet header filtering. For example, deliberate use of bad checksums, unusual
> TCP flags or IP options, invalid sequence numbers, spoofed addresses, duplicate TCP
> packets with differing payloads, packets with short TTLs that expire between targets, and so
> on. Yes, this would break the connection after the node had negotiated with the client but
> you can argue that the packets were invalid in the first place and should not be sent at all.
None of this is possible. Tor is transporting TCP streams of data,
thus the streams are reconstituted at each hop. For an attacker to
control seq numbers, TTLs and the like Tor would have to transport
specific IP datagrams. It does not.
AGL
--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
More information about the tor-talk
mailing list