Full Disclosure mailing list archives
Re: Compromise of Tor, anonymizing networks/utilities
From: coderman <coderman () gmail com>
Date: Sat, 8 Dec 2007 18:14:31 -0800
On Dec 9, 2007 1:29 AM, jf <jf () danglingpointers net> wrote:
> ... scanning of the Tor network and rapid flagging of "bad exit"...lemme know if you need ointment with that band-aid.
Tor, like wireless, is susceptible to denial of service with little effort. the goal of exit scanning is not to protect clients from MITM at malicious exits (that can and will always happen) but merely to reduce the scope of denial of service introduced when a rogue exit is performing active attacks. (that is, if your implementation is vulnerable, you will be fucked. the only question is when will you be fucked, yes proper fucked, tommy. however, a proper implementation and quick flagging at the DA's lowers the frequency with which you would choose this rogue node as your exit (which fails, causing a denial of service for all paths exiting there, but does not lead to exploitation and is remedied once a new circuit is built...)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/