System Error Posted October 29, 2006 Share Posted October 29, 2006 http://www.packetstormsecurity.org/0610-ad...ion_Hacking.pdf Anyone done any of this sort of thing ? Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted October 29, 2006 Share Posted October 29, 2006 nope Quote Link to comment Share on other sites More sharing options...
stitch Posted October 30, 2006 Share Posted October 30, 2006 this method could easily be beaten by disabling javascript and flash in your browser whenever you are using the tor network (which you shouldnt need if you are using the tor network for something specific). also routing all dns lookups through tor adds another layer of security. Quote Link to comment Share on other sites More sharing options...
killzone Posted October 31, 2006 Share Posted October 31, 2006 Pretty interesting article. I get the gist of waht they are doing. But a question arises. They are atacking the anominity of the User right>? But why is the paper called unwrapping the onion>? I ask this becasue, it appears that they arent actually figureing out the ip address of all Tor clients but rather only those who directly connect to their tor server initially and then out onto the web and not to another tor server. "First Queue Interesting Data" 1: All outbound packets destined to port 80 which are not going to another tor node. 2: All inbound traffic originating from port 80, and not form another Tor node. so this model suggests to me that it only can find the ip of: client(target) -> tor server(IP_getter) ->web and not: client(target) -> tor(server) ->tor server(IP_Getter)->tor->web or client(target) ->server(IP_Getter)->tor->web or client(target) -> tor(server) ->tor server(IP_Getter)->web I could be misunderstanding the paper so if you can clrify please do so. but it seems that if it isnt keeping track of any data comming in from another tor node or going to a tor node....the it misses those anonmous browsers....its not really unwraping the onion but rather sliceing off a peice of it. again if i jsut missed the concept please clarify. thanks Quote Link to comment Share on other sites More sharing options...
cooper Posted October 31, 2006 Share Posted October 31, 2006 They are atacking the anominity of the User right>? But why is the paper called unwrapping the onion?Well, the goal of TOR is to make sure you can't be identified. If someone is able to identify you, what exactly is TOR doing for you? Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted October 31, 2006 Share Posted October 31, 2006 Unwrapping the onion is because the client is at the center you have to unwrap the onion to find the client. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.