[tor-talk] MITM attack on TLS
Justin
davisjustin002 at gmail.com
Sat Nov 21 22:58:04 UTC 2015
Hello,
You would be correct normally, but at school, I know the IT guy very well. I have calculated that he is probably too lazy to check his logs. He usually doesn’t check things out until someone tells him that a problem is occurring. Even if Meek-Google is broken, I got more information from him that would indicate that he probably won’t MITM Meek-Amazon or Azure. If it does become dangerous, I will switch to one of those.
> On Nov 21, 2015, at 4:36 PM, mick <mbm at rlogin.net> wrote:
>
> On Sat, 21 Nov 2015 16:56:12 -0500
> Allen <allenpmd at gmail.com> allegedly wrote:
>
>>>
>>>> SSH is probably more dangerous than OBFS4 because it could be
>>>> detected with a DPI fingerprint. They might question that. I think
>>>> Tor with transports is good.
>>>
>>> On that paranoia level OBFS4 is as dangerous as SSH - it doesn't
>>> matter if they see traffic they can fingerprint as ssh or they see
>>> traffic they cannot fingerprint. They get suspicious in both cases.
>>>
>>>
>> Personally, I would think SSH is much safer. It is used by IT people
>> all the time for server management, so they will understand it. The
>> destination address will be a cloud server, which you can simply say
>> you are using for a personal project. OBFS4 on the other hand is not
>> normally used by IT people--it is used to get around IT people. They
>> will immediately be very suspicious if they are able to figure out the
>> protocol. And the destination IP address is who-knows-what, which
>> could by itself raise questions and might even lead them to think a
>> computer on their network could be infected with a virus that needs
>> immediate investigation. In the end, a protocol they know and
>> understand and use in their own work will be much less threatening to
>> them than something they don't.
>
> To the OP (and others who may wish to try something similar) my strong
> advice is "don't, just don't". I've been a network admin and sysadmin
> on corporate systems. Unauthorised traffic on such a network /will/
> attract attention, /will/ piss off the admins and almost /certainly
> will/ result in disciplinary action including and up to summary
> dismissal depending upon the terms of your contract.
>
> Mick
>
> ---------------------------------------------------------------------
>
> Mick Morgan
> gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
> http://baldric.net
>
> ---------------------------------------------------------------------