TorChat is a security hazard (Answer)
prof7bit at googlemail.com
Sun Dec 12 21:08:51 UTC 2010
On Dec 12, 2010 7:20pm, Michael Blizek
<michi1 at michaelblizek.twilightparadox.com> wrote:
> I meant that A will connect intentionally to B, e.g. A wants to talk to B. B
> can then send messages to C which seem to come from A. However, C will talk
> back directly to A and the manipulation will most likely be detected...
Yes. The innocent client C will then start talking with A and send its own
address. A will then directly connect back to C and complete the handshake
with C.
I'm not 100% sure without looking into the source code now (2 years since I
wrote it) what exactly will happen with the wrong pong message from C that
should have come as the ping response from B. It should ignore it because
pong sender does not match the initial ping recipient. But I'm 100% sure
that it would *not* lead to a stable connection (status: online, normal
behavior) or even a completed handshake at all.
It might be suitable for some kind of DoS attack against a connection
between A and C.
Bernd
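
The check described in the message above (ignore a pong whose sender is not the peer the ping was sent to), as an added example that is not part of the original message and not TorChat's code. The per-ping cookie, the `PingTracker` class and the peer labels are assumptions of this sketch; the thread only names ping and pong.

```python
import hmac
import secrets


class PingTracker:
    """Outstanding pings of one node (A in the thread), keyed by recipient."""

    def __init__(self):
        self._pending = {}  # recipient address -> cookie sent in our ping

    def send_ping(self, recipient):
        # Fresh random cookie per ping (assumed field, not taken from the thread).
        cookie = secrets.token_hex(16)
        self._pending[recipient] = cookie
        return cookie

    def accept_pong(self, sender, cookie):
        # Accept only if this sender was pinged and returns the cookie issued to it.
        expected = self._pending.get(sender)
        if expected is None or not hmac.compare_digest(expected, cookie):
            return False  # ignored: no handshake state changes
        del self._pending[sender]  # one pong per ping
        return True


def simulate_relay():
    """Replay the scenario from the thread with constructed peers A, B and C."""
    a = PingTracker()
    cookie_for_b = a.send_ping("B")

    # B passes A's ping on to C; C answers A directly with that cookie.
    relayed = a.accept_pong("C", cookie_for_b)

    # A learns C's address and starts its own handshake with C.
    cookie_for_c = a.send_ping("C")
    stale = a.accept_pong("C", cookie_for_b)    # C repeats the relayed cookie
    genuine_c = a.accept_pong("C", cookie_for_c)

    # The rejected pongs did not consume A's pending ping to B.
    genuine_b = a.accept_pong("B", cookie_for_b)
    return relayed, stale, genuine_c, genuine_b


if __name__ == "__main__":
    print(simulate_relay())
```
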