LUGOD: Linux Users' Group of Davis
 
Page last updated:
2005 Jul 11 11:28

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Rant: the suckiness of http://www.sectoor.de/ and their "tor blacklisting"



ME said:
[chop]

I have been thinking about this a bit more and have some interesting
thoughts on how this service can be used against people.

This service relies upon an rDNS lookup which, for the most part, happens
over port 53 UDP.

As we know, UDP is a connectionless protocol.

Being a connectionless protocol, it is easier to forge UDP packets without
a true "session" than it is to forge TCP packets with syn and ack numbers.

DNS Caching attacks have been known to exist for quite a while, and there
are some methods to try to deal with them.

Find a target user that uses a service that subscribed to the tor system.

Understand what DNS their service uses, and attempt to poison their "toor
blacklisting client" with 127.0.0.1 replies for your target user's IP
address.

Why could this work? Because the validity of information relies upon an
untrusted and insecure protocol that is easily forged.

All that remains is the construction of tools that can take advantage of
this, and the value of the tor blacklisting service is decreased.

Patrons of a service that can be abused in this way risk marginalizing
their own customers.

Now that it is summer, I should consider starting a new project. ]:>

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
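
The following is an added example, not part of the original post: a sketch of the checks a blacklist client can apply to a UDP DNS reply before trusting it, showing how little a reply has to match. The zone `dnsbl.example`, all addresses and the helper names are assumptions, and the reversed-octet query name is the usual DNSBL convention rather than something the post specifies.

```python
import ipaddress, secrets, struct

ZONE = "dnsbl.example"  # placeholder zone (assumption; the post names none)

def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def question(qname):
    return encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_query(ip):
    """Return (txid, qname, packet) for the blacklist lookup of an IPv4 address."""
    qname = ".".join(reversed(ip.split("."))) + "." + ZONE
    txid = secrets.randbits(16)  # unpredictable, but only 16 bits
    return txid, qname, struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question(qname)

def make_reply(txid, qname, addr="127.0.0.1"):
    """Constructed sample reply carrying one A record, for the demo below."""
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + ipaddress.ip_address(addr).packed
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question(qname) + answer

def check_reply(reply, src, txid, qname, resolver):
    """Return 'ok' or the reason this UDP datagram must be discarded."""
    if src != resolver:  # (ip, port); spoofable, so a filter rather than proof
        return "unexpected source"
    if len(reply) < 12:
        return "truncated header"
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if rid != txid:
        return "transaction ID mismatch"
    if not flags & 0x8000:
        return "not a response"
    q = question(qname)
    if qdcount != 1 or reply[12:12 + len(q)] != q:
        return "question mismatch"
    return "ok"

if __name__ == "__main__":
    resolver = ("192.0.2.53", 53)  # constructed resolver address
    txid, qname, _ = build_query("198.51.100.7")
    print(check_reply(make_reply(txid, qname), resolver, txid, qname, resolver))
    print(check_reply(make_reply(txid ^ 1, qname), resolver, txid, qname, resolver))
    print(check_reply(make_reply(txid, qname), ("203.0.113.9", 53), txid, qname, resolver))
```

Passing every check here does not authenticate the answer, since none of the matched fields is a secret bound to the sender. A client that needs stronger assurance has to add it outside plain UDP, for example with DNSSEC validation or a TCP connection to a resolver it trusts.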


