[tor-relays] Network scan results for CVE-2016-5696 / RFC5961
Ivan Markin
twim at riseup.net
Fri Dec 9 07:23:00 UTC 2016
dawuud:
> The Golang rewrite of the scanner is cool!
Thanks!
> btw i'm surprised you wrote https://github.com/nogoegst/rough/blob/master/tcp.go
> instead of using https://github.com/google/gopacket
You shouldn't; rough is just a convenient wrapper on top of TCP-ish
stuff from gopacket (it makes TCP hacks simpler).
> Maybe you could also implement my Tor guard discovery
> attack that uses this vulnerability?
Why not. I just don't know what the attack is. Can you point me to it?
> I've been asked to write a proof of concept but I don't feel motivated to do so.
> Also, there are some doubts about whether this guard discovery attack would be
> feasible on the real Tor network... though we could probably make it work in a test network.
>
> Now that such a small percentage of the Tor network is vulnerable it's probably safe/responsible
> for me to post my theoretic Tor guard discovery attack, right?
Hmm, I *don't* think that 1/4 of the network is actually a small
percentage... [I think we should somehow encourage vulnerable relays to
update their kernels to lower the affected percentage below ~10-15%.]
Also, your saying "guard discovery attack based on pure off-path TCP
attack" makes this *slightly* obvious. So if someone has actually got it,
it's likely that they're already exploiting it.
--
Ivan Markin