lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAJVRA1T6p2E-nS0iuFVghOtq1PqZRiLDuwWEE_1Z9m+DXcC49Q@mail.gmail.com>
Date: Sat, 29 Mar 2014 17:06:05 -0700
From: coderman <coderman@...il.com>
To: Jann Horn <jann@...jh.net>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] PoC: End-to-end correlation for Tor connections using an
 active timing attack

On Sat, Mar 29, 2014 at 1:46 PM, coderman <coderman@...il.com> wrote:
> .... using active DoS as a signal for
> confirmation, like your sequence of activity:

combining multiple techniques always useful, of course.

in prior implementations of similar attacks use of odd port numbers in
exit policy compounded the "stickiness" or durability of the
signalling channel when other applications and traffic also in use.
you could use stem[0] and aggressive descriptor fetch and check to
tailor the injected content/trigger for maximum effect.

low latency with traffic analysis resistance is a fun subject of
study, you should also think of ways to make these attacks impossible
while keeping latency minimal.[1] :)

.
.
lesson of this story:
 use SSL/TLS always!  HTTPS always!

more likely a middle attacker than compromised server. but assume the
worst, and build your defense in depth accordingly.



best regards.,


0. "STEM controller in Python: Example - Mirror Mirror on the Wall"
   https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html

1.  See also: Datagram stochastic re-ordered userspace stacks with
multi-homing, multi-path SCTP end to end with priority shaped queues
per application level endpoint classification (packet/flow marking)
prior to transport and opportunististic pre-caching and key
pre-exchange as padding channel filler.  Multi-plexing over TCP Tor as
is with concurrent circuits would be a useful if not as robust
defense.  E.g. socks of .bit to a tuple of onions used for concurrent
hidden circuits nearly immune to MitM attack like those commonly used
to implement the above. e.g.g.:     "name" : "d/peertech", "value" :
"'{tor:j5ivfpymes6h2kg4.onion,info:peertech hidden
services,alias:[j5ivfpymes6h2kg4.onion.,gc6y6skl3am6jsng.onion.,tvty3r2fyrwuc6b5.onion.]}'"
with the hs smarts to make the combines circuits a singular reliable
connection.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ