Full Disclosure mailing list archives
Re: PoC: End-to-end correlation for Tor connections using an active timing attack
From: coderman <coderman () gmail com>
Date: Sat, 29 Mar 2014 17:06:05 -0700
On Sat, Mar 29, 2014 at 1:46 PM, coderman <coderman () gmail com> wrote:
.... using active DoS as a signal for confirmation, like your sequence of activity:
combining multiple techniques always useful, of course. in prior implementations of similar attacks use of odd port numbers in exit policy compounded the "stickiness" or durability of the signalling channel when other applications and traffic also in use. you could use stem[0] and aggressive descriptor fetch and check to tailor the injected content/trigger for maximum effect. low latency with traffic analysis resistance is a fun subject of study, you should also think of ways to make these attacks impossible while keeping latency minimal.[1] :) . . lesson of this story: use SSL/TLS always! HTTPS always! more likely a middle attacker than compromised server. but assume the worst, and build your defense in depth accordingly. best regards., 0. "STEM controller in Python: Example - Mirror Mirror on the Wall" https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html 1. See also: Datagram stochastic re-ordered userspace stacks with multi-homing, multi-path SCTP end to end with priority shaped queues per application level endpoint classification (packet/flow marking) prior to transport and opportunististic pre-caching and key pre-exchange as padding channel filler. Multi-plexing over TCP Tor as is with concurrent circuits would be a useful if not as robust defense. E.g. socks of .bit to a tuple of onions used for concurrent hidden circuits nearly immune to MitM attack like those commonly used to implement the above. e.g.g.: "name" : "d/peertech", "value" : "'{tor:j5ivfpymes6h2kg4.onion,info:peertech hidden services,alias:[j5ivfpymes6h2kg4.onion.,gc6y6skl3am6jsng.onion.,tvty3r2fyrwuc6b5.onion.]}'" with the hs smarts to make the combines circuits a singular reliable connection. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- PoC: End-to-end correlation for Tor connections using an active timing attack Jann Horn (Mar 29)
- Re: PoC: End-to-end correlation for Tor connections using an active timing attack coderman (Mar 29)
- Re: PoC: End-to-end correlation for Tor connections using an active timing attack coderman (Mar 29)
- Re: PoC: End-to-end correlation for Tor connections using an active timing attack coderman (Mar 29)