[tor-talk] What is being detected to alert upon?

Frederick Zierold Frederick.Zierold at georgetown.edu
Thu Apr 30 18:20:34 UTC 2015


Thanks for replying.  I understand it is a spy vs spy type of situation but
what do they see currently?  I don't believe they are seeing it by the IP
addresses (or so they claim).

Is it something in the handshake that is triggering the alert?



On Thu, Apr 30, 2015 at 2:17 PM, Seth David Schoen <schoen at eff.org> wrote:

> Frederick Zierold writes:
>
> > Hi,
> >
> > I am very curious how a vendor is detecting Tor Project traffic.
> >
> > My question is what are they seeing to alert upon?  I have asked them,
> > but I was told "that is in the special sauce."
> >
> > Is the connection from the user's computer to the bridge encrypted?
> >
> > Thank you for your insight.
>
> Are they detecting non-public bridge traffic, or only normal entry
> guards?
>
> Detection and obfuscation is kind of a big topic that's been around for
> some years, so there are a lot of possibilities.
>
> --
> Seth Schoen  <schoen at eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107



-- 


Frederick Zierold, CISSP
University Information Security Office (UISO) Security Analyst

Direct: 202-687-5784
Office: 202-687-3031
Fax: 202-687-1505

UISO Security Services:
http://security.georgetown.edu, 202-687-3031 or security at georgetown.edu

UISO Identity & Access Management Services:
http://netid.georgetown.edu, 202-687-2999 or netid at georgetown.edu
https://www.facebook.com/GeorgetownTechnology

