[tor-dev] FWD: Serious TCP Bug in Linux Systems Allows Traffic Hijacking

dawuud dawuud at riseup.net
Fri Aug 12 15:43:20 UTC 2016


Dear Liste, concerned Tor relay operators, TCP abolitionists and so called network forensics experts,


We already have several tools that can detect various types of TCP injection attacks; for instance:
https://github.com/david415/HoneyBadger


For fun I'll write some TCP inference exploits as described in that most excellent paper
so everyone can enjoy blind TCP injection attacks. I'll be sure to post my results here later...
unless i get completely distracted by yet another software development project.

meow >.< 

David

On Fri, Aug 12, 2016 at 04:39:10PM +0200, Liste wrote:
> 
> https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijacking/119804/
> 
> … The vulnerable TCP implementation (CVE-2016-5696) could affect an
> untold number of devices running Linux, including embedded computers,
> mobile phones and more. …
> 
> … Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote. …
> 
> 
> ...Systems Allows Traffic Hijacking https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak
> Attacks can disrupt or degrade supposedly encrypted traffic, including
> connections over the Tor network, the researchers wrote.
> 
> See more at: Serious TCP Bug in Linux Systems Allows Traffic Hijacking
> https://wp.me/p3AjUX-vak

> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160812/d2bd4976/attachment.sig>


More information about the tor-dev mailing list