building pages with tor in mind
syverson at itd.nrl.navy.mil
Tue Feb 27 19:27:25 UTC 2007
On Tue, Feb 27, 2007 at 02:03:55PM -0500, Michael Holstein wrote:
> >end-user's IP address. Any code I've seen returns either "localhost" or
> something like "ipconfig /all" to work .. all you need do is create a
> non SOCKS'ed connection to somewhere.
> Flash is one excellent way to do that .. invoked via JS.
I believe all the things raised in this discussion were in the old
"snoop server" we used to run here at NRL starting in 1996 until about
'99 or 2000. Unfortunately the code for it disappeared from NRL when
Mike Reed did a few years after that, so I can' say for sure what was
IP address through the anonymous circuit but I can't swear to it.
(There were some that did return IP address; I just can't recall if
of opening up connections that bypassed the anonymity network
entirely, such as via flash, real audio, etc., that is unless the
Redirector that we had for Windows NT in '97 ('98?) was used. It sent
all connections through onion routing, but was much more intrusive on
the OS. Of course that wouldn't protect against any of the attacks
that ran through the anonymous pipe, rather than around it.
You might also look at some of the exploits Kevin McCurley has on
the digicrime site. I don't think he's updated them for years, but
they're still there. James Muir has already pointed to some of the
similar exploits he's done.
More information about the tor-talk