[tor-talk] Had a great idea just thought I'd put it out there...
TheMindwareGroup
themindwaregroup at gmail.com
Thu Feb 6 19:35:10 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
It appears they are scanning entire packets at a time for efficiency.
What about using extremely small packets? The smaller packets are the
smaller the the data surface is the harder it would make it for them
to accurately detect the protocol.
I know there's that bug in the state-less firewalls that mucks up
there pattern matching if the packets are cut up into 160 byte chunks.
also I've heard UDP packets are fragmented if they are bigger than
1400 bytes, and are only marked as arrived if the operating system
manages to get all fragments I dont know if TCP does the same. So I
assume 1400 byte packets are more likely to arrive across the network,
the down side is I imagine it would probably be quite slow sending
only 1K at a time.
~Shadowman
~TheMindwareGroup
TheMindwareGroup at gmail.com PGP: 0xf4b6586f
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJS8+PuAAoJEKcLVST0tlhvv5wH/RTjMGfMDH6VJbMspJl/V7ja
a2+wAm3fARuAOH2lOxsOSJ4xYh8mrChJGdPfZ7E5OF343NmSl8QPRd0rAI8hkDTc
9EpwVelgHx7iawAV8fbsH43oscwS2h8RC72opUPV+uVTTaQ9vHa7qnScCQ/jKPAb
E3n4vgRNO/V+WDWRI806ny8VufgUwUr9rxjBrbEbSEpWI8BjMn13eKJey/dRzI9K
Axf64rCikIVNo8z4S1ggkWI3wbjoNHDnCt4XQ/Vv/piF0JlCgZqlZ8NZKoLKgHKA
dSwgvFzAa5TxpmlKfk04iBFr7ORAGtrNQHqRox3SasuJSeepAHi4EW7RXv3Fm00=
=cAZ7
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list