"Practical onion hacking: finding the real address of Tor clients"

coderman coderman at gmail.com
Fri Oct 20 22:31:22 UTC 2006


On 10/20/06, Paul Syverson <syverson at itd.nrl.navy.mil> wrote:
> ... What exactly is an answer? I don't know. Many
> people who are on this list have hints of ideas that will help
> somewhat and they have been raising them, implementing them, analyzing
> them in papers, etc.

i'm fond of the transparent proxy router approach we've used to try
and fail safe for most protocols (at least with respect to the DNS
leaks and covert TCP connections via Java/Flash/etc).[1]

this doesn't do much for identifiers in the data stream (although
privoxy/squid do scrub the transparent HTTP which is visible), and
probably won't until significant effort is employed for
protocol/application specific content filtering proxies.  until then,
user beware...


> It might be good to have a testing page that is part of the setup
> wizards in some way as well as being fairly prominent on the homepage.

it would be nice to have a detailed proxy checker available that looks
at these Java/Flash/RealPlayer/etc holes.  right now there are a
handful of common http proxy checkers but these look for headers and
IP at best.

does such a thing exist?  i would be willing to host (although i
suspect others would have done so already were a tool available).

1. http://janusvm.peertech.org/ uses a pptp vpn connection to force a
default route through the virtual machine providing transparent TCP
and DNS proxy through Tor.  this defeats all of the covert TCP
connection attacks designed to circumvent browser/application level
SOCKS/HTTP proxy settings, but does not address identifying data
within the TCP streams. [people have been asking about non-Win
support, and this will be forthcoming in the next few months via
openvpn for *bsd/linux/solaris/mac]
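
[Added example, not part of the original post and not JanusVM code: one way to check that the transparent-proxy setup described in footnote 1 fails closed is to audit outbound flows captured on the host's physical interface and flag anything that is not PPTP traffic to the VM. The gateway address, the Flow record and the sample flows are constructed assumptions; local housekeeping such as ARP/DHCP is assumed to be filtered out beforehand.]

```python
from dataclasses import dataclass

# Assumed address of the VM's PPTP endpoint (constructed for this example).
VPN_GATEWAY = "192.168.56.2"

@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp", "udp", "gre", ...
    dst: str     # destination IP seen on the physical interface
    dport: int   # destination port, 0 for protocols without ports

def classify(flow, gateway=VPN_GATEWAY):
    """Label one outbound flow captured on the host's physical interface."""
    # PPTP = TCP/1723 control channel plus GRE (IP protocol 47) data channel.
    to_gateway = flow.dst == gateway
    if to_gateway and (flow.proto == "gre" or (flow.proto, flow.dport) == ("tcp", 1723)):
        return "tunnel"
    if flow.proto in ("udp", "tcp") and flow.dport == 53:
        return "dns-leak"        # resolver query that bypassed the Tor DNS proxy
    if flow.proto == "tcp":
        return "direct-tcp"      # connection that ignored the default route
    return "other-leak"          # anything else outside the tunnel (UDP, ICMP, ...)

def audit(flows, gateway=VPN_GATEWAY):
    """Return (label, flow) for every flow that did not go through the tunnel."""
    labelled = ((classify(f, gateway), f) for f in flows)
    return [(label, f) for label, f in labelled if label != "tunnel"]

# Constructed sample: what a capture might contain if a plugin opened its own socket.
SAMPLE_FLOWS = [
    Flow("tcp", "192.168.56.2", 1723),
    Flow("gre", "192.168.56.2", 0),
    Flow("udp", "198.51.100.53", 53),
    Flow("tcp", "203.0.113.10", 80),
    Flow("udp", "203.0.113.10", 5004),
]

if __name__ == "__main__":
    for label, flow in audit(SAMPLE_FLOWS):
        print(f"{label:11} {flow.proto} -> {flow.dst}:{flow.dport}")
```

An empty result from audit() means every captured flow went to the PPTP endpoint; it says nothing about identifying data inside the tunnelled streams, which the footnote notes is not addressed.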


