[tor-talk] Is this a practical vulnerability?
Andreas Krey
a.krey at gmx.de
Sat Oct 20 16:18:56 UTC 2012
On Sat, 20 Oct 2012 16:54:53 +0000, Anon Mus wrote:
> On 20/10/2012 14:46, Andreas Krey wrote:
....
> I expect most people would read your "remark" as talking down to someone..
Possibly.
...
> Don't you use router firmware firewalls? So you wouldn't see this kind
> of traffic?
Nope. NetBSD box.
> I thought the times when nerds spent days looking through router logs
> fuming at the drones that attpemt to access your system were long gone,
I spare me the fuming part, and I don't look often. The annoying parts,
bandwith-wise, are the ssh login attempts anyway.
> no? Sounds like you are living in the past.
May I remind you who else is reading logs here?
(And for that matter, condescending?)
...
> >Or, for instance, what are the signs I should be looking for in my
> >firewall/httpd logs to see whether there was a similar attack on
> >my systems after I started my hidden services.
>
> Where all logs end up, on the end, in the bin!
You're evading.
...
> Good, because I was only telling someone of my experience just so they
> could keep safe.
Irony-proof, too.
...
> >Besides, the /{Tor hidden service ID}/nonexistentfile.php is
> >/a1b2c3d4e5f6g7h8i9/nonexistentfile.php, right?
> >
> Yeah you could be right I edited it out when I mailed my expert.
But why would you edit out (and claim it was your service ID)
when the value is pretty obviously not a key or anything?
(You don't get something systematic like a1b2c3d4e5f6g7h8i9 as
a random value very often.)
...
> This "Hey prove it" nonsense could go on forever.. and I don't have the
> time.
You don't seem to have any credible proof, either.
> Take it of leave it.
In that case: Levae.
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-talk
mailing list