[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] PoC: End-to-end correlation for Tor connections using an active timing attack
From: coderman <coderman () gmail ! com>
Date: 2014-03-30 0:06:05
Message-ID: CAJVRA1T6p2E-nS0iuFVghOtq1PqZRiLDuwWEE_1Z9m+DXcC49Q () mail ! gmail ! com
[Download RAW message or body]
On Sat, Mar 29, 2014 at 1:46 PM, coderman <coderman@gmail.com> wrote:
> .... using active DoS as a signal for
> confirmation, like your sequence of activity:
combining multiple techniques always useful, of course.
in prior implementations of similar attacks use of odd port numbers in
exit policy compounded the "stickiness" or durability of the
signalling channel when other applications and traffic also in use.
you could use stem[0] and aggressive descriptor fetch and check to
tailor the injected content/trigger for maximum effect.
low latency with traffic analysis resistance is a fun subject of
study, you should also think of ways to make these attacks impossible
while keeping latency minimal.[1] :)
.
.
lesson of this story:
use SSL/TLS always! HTTPS always!
more likely a middle attacker than compromised server. but assume the
worst, and build your defense in depth accordingly.
best regards.,
0. "STEM controller in Python: Example - Mirror Mirror on the Wall"
https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html
1. See also: Datagram stochastic re-ordered userspace stacks with
multi-homing, multi-path SCTP end to end with priority shaped queues
per application level endpoint classification (packet/flow marking)
prior to transport and opportunististic pre-caching and key
pre-exchange as padding channel filler. Multi-plexing over TCP Tor as
is with concurrent circuits would be a useful if not as robust
defense. E.g. socks of .bit to a tuple of onions used for concurrent
hidden circuits nearly immune to MitM attack like those commonly used
to implement the above. e.g.g.: "name" : "d/peertech", "value" :
"'{tor:j5ivfpymes6h2kg4.onion,info:peertech hidden
services,alias:[j5ivfpymes6h2kg4.onion.,gc6y6skl3am6jsng.onion.,tvty3r2fyrwuc6b5.onion.]}'"
with the hs smarts to make the combines circuits a singular reliable
connection.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic