Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PoC: End-to-end correlation for Tor connections using an active timing attack
From: coderman <coderman () gmail com>
Date: Sat, 29 Mar 2014 17:06:05 -0700

On Sat, Mar 29, 2014 at 1:46 PM, coderman <coderman () gmail com> wrote:
.... using active DoS as a signal for
confirmation, like your sequence of activity:

combining multiple techniques always useful, of course.

in prior implementations of similar attacks use of odd port numbers in
exit policy compounded the "stickiness" or durability of the
signalling channel when other applications and traffic also in use.
you could use stem[0] and aggressive descriptor fetch and check to
tailor the injected content/trigger for maximum effect.

low latency with traffic analysis resistance is a fun subject of
study, you should also think of ways to make these attacks impossible
while keeping latency minimal.[1] :)

lesson of this story:
 use SSL/TLS always!  HTTPS always!

more likely a middle attacker than compromised server. but assume the
worst, and build your defense in depth accordingly.

best regards.,

0. "STEM controller in Python: Example - Mirror Mirror on the Wall"

1.  See also: Datagram stochastic re-ordered userspace stacks with
multi-homing, multi-path SCTP end to end with priority shaped queues
per application level endpoint classification (packet/flow marking)
prior to transport and opportunististic pre-caching and key
pre-exchange as padding channel filler.  Multi-plexing over TCP Tor as
is with concurrent circuits would be a useful if not as robust
defense.  E.g. socks of .bit to a tuple of onions used for concurrent
hidden circuits nearly immune to MitM attack like those commonly used
to implement the above. e.g.g.:     "name" : "d/peertech", "value" :
"'{tor:j5ivfpymes6h2kg4.onion,info:peertech hidden
with the hs smarts to make the combines circuits a singular reliable

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]