[tor-talk] Is this a practical vulnerability?

Andreas Krey a.krey at gmx.de
Sat Oct 20 16:18:56 UTC 2012


On Sat, 20 Oct 2012 16:54:53 +0000, Anon Mus wrote:
> On 20/10/2012 14:46, Andreas Krey wrote:
....
> I expect most people would read your "remark" as talking down to someone.. 

Possibly.

...
> Don't you use router firmware firewalls? So you wouldn't see this kind 
> of traffic?

Nope. NetBSD box.

> I thought the times when nerds spent days looking through router logs 
> fuming at the drones that attpemt to access your system were long gone, 

I spare me the fuming part, and I don't look often. The annoying parts,
bandwith-wise, are the ssh login attempts anyway.

> no? Sounds like you are living in the past.

May I remind you who else is reading logs here?
(And for that matter, condescending?)

...
> >Or, for instance, what are the signs I should be looking for in my
> >firewall/httpd logs to see whether there was a similar attack on
> >my systems after I started my hidden services.
> 
> Where all logs end up, on the end, in the bin!

You're evading.

...
> Good, because I was only telling someone of my experience just so they 
> could keep safe.

Irony-proof, too.

...
> >Besides, the /{Tor hidden service ID}/nonexistentfile.php is
> >/a1b2c3d4e5f6g7h8i9/nonexistentfile.php, right?
> >
> Yeah you could be right I edited it out when I mailed my expert.

But why would you edit out (and claim it was your service ID)
when the value is pretty obviously not a key or anything?
(You don't get something systematic like a1b2c3d4e5f6g7h8i9 as
a random value very often.)

...
> This "Hey prove it" nonsense could go on forever.. and I don't have the 
> time.

You don't seem to have any credible proof, either.

> Take it of leave it.

In that case: Levae.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800


More information about the tor-talk mailing list