[tor-dev] [GSoC '16] Exitmap project - Introduction and request for comments

grarpamp grarpamp at gmail.com
Fri Mar 18 07:04:01 UTC 2016


On 3/18/16, Mridul Malpotra <mridul.malpotra at gmail.com> wrote:
>         b. For testing active attacks, can there be modules developed
> keeping other cleartext protocols like SNMP and Telnet in mind?

Tor only supports TCP of course, however any cleartext application
protocol using it is subject to snooping / modification. HTTP, POP3,
NNTP, etc. And if the cert is MITM or server faked, so is TLS.
A map to a honeypot of passwords [telnet pop3 ...] would be fun.

> Alternatively, is there a way to determine what protocols are being used
> over Tor and their popularity?

That might guide which protocol to develop module for, along with
thinking of what payoff for snooping / modification that proto is.
Note tor claims such traffic analysis research is likely too
sensitive to conduct, even though people privately conduct
it all the time.


More information about the tor-dev mailing list