[tor-dev] A way to block chinese active probe
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Jan 9 23:49:00 UTC 2012
Hi all,
here's a second Chinese-probe discrimination behavior that should allow
detecting them and blocking them.
http://pastebin.com/RNcNDYcw
Like the TCP SYN one, this blocking trick is based on the fact that the
OS & software they run on their server pool to do active-tor-probing
have to be highly optimized, as they need to manage a huge amount of
outbound connections.
Would anyone like to re-test this behaviour (also for Windows/OSX)
and possibly make a small patch for tor?
For now I have tested with iptables && -j TARPIT.
It would be nice to have in Tor a set of configurable timeouts?
As any active probe, present and future, could have some timing issue, not
being able to perfectly emulate the same conditions of a client, as
active probes run on servers (and servers get optimized if they need to do
high traffic).
-naif