Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire

Cudni

MVM

Tor hack proposed to catch criminals

from
»www.securityfocus.com/news/11447
"...
The Tor network--a distributed system of computers that anonymizes the source of network traffic--has a slew of beneficial uses: Human-rights workers, the military and journalists all use the system. However, the anonymity of Tor has also attracted seedier elements as well: digital pirates, online criminals and, quite possibly, child pornographers.

Now, one security researcher aims to make the distributed network less of a haven for the shadier side of the Internet.
..."
on the other hand
"...
"Mr. Moore's solution will not solve the problem he is trying to solve, and in the process, he will hurt a lot of people that he should be helping," Nerad said.
..."

Cudni

caffeinator
Coming soon to a cup near you..
Premium Member
join:2005-01-16
00000

caffeinator

Premium Member

Bleh, anyone really wanting to hide uses the so-called "undernet", the world outside of normal DNS space.

Private DNS servers.

IP doesn't need DNS to work, people. Humans need it, that's all. Onion routing is fun, but isn't true anon, as the server ops know all the IPs running through them.

It's a fancy proxy, nothing more.

This won't do anything but ruffle some feathers except for those who actually need things like Tor. And those who aren't savvy enough to know better.

grok gopherspace, for example...most peeps have forgotten there's more to the 'net than the www.

Always was. Always will be.

IMO,

CaFF
aka Iceman
join:2007-02-11

aka Iceman to Cudni

Member

to Cudni


This guy has done nothing more than create a form of a "back door" in the TOR network that has absolutely no useful purpose other than to track Users.
IMO this tactic goes against the very grain of what TOR stood for an shatters TOR's usefulness for all USERS.
Online criminals have been around since the onset of computers an will be around long after most of us are gone.
If this guy dislikes any part of being a SERVER on the TOR network he should simply no longer provide a SERVER.......there are many others who will pick up the slack.
Let law enforcement do their job....that's why law enforcement was established. For this guy to take on the role of a vigilante is an outrageous attack on the TOR NETWORK.
USERS of the internet are subjected to numerous forms of criminal behavior every time they turn on their computers....be it trojans, viruses or scams.....we all do our best to protect ourselves and our families as best we can...an do so without lowering ourselves to using the same tactics that criminals use......in essence this guy has lowered himself to the level of criminals by tracking innocent USERS.
Workarounds to defeat such tracking really would not be so difficult. Experienced Users are not so simple minded as this guy seems to imply. Criminals have existed since the dawn of Time......there are indeed very emotionally disturbed people roaming the streets of every city in the world as well as the internet.....an there is law enforcement that is at work 24 hours of each day doing their job........they are well trained and most follow guidelines provided by courts......an while we may never all agree on a workable solution.......we certainly can not return to the caveman ways or the wild west days an throw away the good "gains" we have made over the years.
There are many government agencies that use the TOR network that now may as well be tracked by this guy.....so where does his tracking stop.......

psicop
More human than human
Premium Member
join:2005-12-21
Australia

psicop to Cudni

Premium Member

to Cudni
Well, if they implemented that measure in this network, it is for a reason. The "www" should be monitored for illegal activities in order to stop cyber-criminals and sexual predators.

BTW, is this you in here?:

»www.usatoday.com/tech/ne ··· csp=N009

»cardersmarket.com/forum/ ··· der=desc

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to Cudni

MVM

to Cudni
First off, I don't use TOR and don't have a reason to.
said by "SecurityFocus" :
The attack also relies on the attacker's ability to have its server become an exit node for the Tor network.
This is the key to any TOR attack.

Now the fact that this also:
said by "SecurityFocus" :
The piggybacked Javascript also loads an applet that attempts to determine the internal network address of the targeted machine and to send a raw UDP packet to the attacker's DNS server to identify the external Internet address of any router that--by using network address translation (NAT)--may be obfuscating the user's address.
Could lead to anyone using it being prosecuted for hacking into another person's computer.
aka Iceman
join:2007-02-11

aka Iceman to psicop

Member

to psicop


LOL....no, not me. In fact, I actually work for a living....have had my own business for 28 years.....an if you notice in my post I advocate law enforcement. You may also notice the "aka" in my nickname.....
My guess would be that the internet is well monitored by law enforcement world wide.....unfortunately their hands are often tied by the very laws they are trying to enforce an thus their results are often nil....or just a "drop in the bucket"
As for sexual predators....hey, castrate them all

By the way...I use several nicknames......an have been dabbing in computer security for 15 years......certainly I am not an expert by any means of the word...but I know enough to survive the internet....
I also advocate privacy......all one has to do is look at all the spyware floating on the internet an then ask oneself why are these scum bags being allowed to infect computers an get away with it.........it cannot be so one-sided.....bad is bad....there is no middle ground....arrest all the bad guys an then something is being really achieved.....but who are the bad guys.....hell I gave up trying to sort them out......
Because you asked politely I offered this answer....an appreciate your politeness.
aka Iceman

aka Iceman to Cudni

Member

to Cudni


By the way....I do not use TOR...
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Hmm seems some one mentioned this close to 18 months ago. Oh wait that was me. TOR is crap and always has been it offers only a false sense of security. Well looks like my predictions came true now doesn't it? I said it was only a matter of time before tor was messed with in such a manner and now here it is being done.

The cracker sits there and waits for his tor server to be an exit node then starts gathering the data he wants via his own proxy server that the traffic goes through. Really you don't need any tools to do it just need a nice smooth wall with transparent proxy turned on.

To make Moore's idea work best you'd want to break any connections that were not using you as an exit node. Less log data to sift through that way.

Fact is tor is mostly used by pirates and those downloading other illegal data. Sure it's useful to human rights people in other countries but fact is i'd bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated software movies etc off warez sites and bittorrent child porn peddlers etc.

Proxies are dangerous things to mess with unless you are in control of them. Back in the day i had my own proxy server running here at my house i used while at work. I used it to make sure that no trojans keyloggers etc that found their way on to those comps would have a really hard time stealing my logins. I had everything filtered and used a pure white list set of firewall rules. Basically nothing got through to its intended destination unless it matched those white list rules.

SpannerITWks
Premium Member
join:2005-04-22

SpannerITWks to Cudni

Premium Member

to Cudni
Torment, gotta love the name he chose for it! It'll be interesting to see how this pans out.

Spanner

spy1
Welcome to Amerika
Premium Member
join:2002-06-24
Charlotte, NC

3 recommendations

spy1

Premium Member

I thought Tor was pretty good at one time, too - anonymity-wise - even jumped through a bunch of hoops getting a Tor server set up here. ( »bugs.noreply.org/flyspra ··· ls&id=98 )

When I found out that the bad guys were using it (»Booz, Allen & Hamilton, Inc. ), I quit using it (no need to help them out, I figured).

Live and learn.

My current philosophy is to forget anonymity, stand behind everything you post anywhere without flinching and be ready and able to deal with any consequences. Pete

KCrimson
Premium Member
join:2001-02-25
Brooklyn, NY

KCrimson to aka Iceman

Premium Member

to aka Iceman
said by aka Iceman:

...an if you notice in my post I advocate law enforcement.

...an have been dabbing in computer security for 15 years..

... an then ask oneself why are these scum bags being allowed to infect c

... an then something is being really achieved...

..an appreciate your politeness.
Can I buy you a 'd'?

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to Nanaki

Premium Member

to Nanaki
said by Nanaki:

Hmm seems some one mentioned this close to 18 months ago. Oh wait that was me.
Based on the article, it now appears that someone can use their router to monitor and redirect traffic and content for the purpose of their choice.

Nanaki, I think both of us were of the opinion that something like this could happen, and we participated in a friendly and well-discussed dispute on Tor's anonymity protection and opportunity for monitoring at
»Anonymnity: Introduction To The Tor Network .

My own observations;
»Re: Anonymnity: Introduction To The Tor Network

And on torpark;
»Re: Torpark - Anonymous, Portable Browser Released

The present mitigating factor appears to be the requirement for scripting to be enabled on the target user's system. That can be more easily accomplished through social engineering of users who consider Tor to be their silver bullet of anonymity and protection. I suspect there will be more sophisticated methods developed to enable the user's scripting capability, and other methods used to accomplish the same ends. After all, the TOR routers are unvetted volunteers with administrative privileges and unrestricted physical and logical access to their routing systems.

Netbum
join:2002-04-08
Oakley, CA

Netbum to aka Iceman

Member

to aka Iceman
said by aka Iceman:

.....they are well trained and most follow guidelines provided by courts......
Boy, I could drive a truck through that...

NoFactsAtAll
@plus.com

NoFactsAtAll to Cudni

Anon

to Cudni
novaflare:

"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure it's useful to human rights people in other countries but fact is i'd bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated software movies etc off warez sites and bittorrent child porn peddlers etc."

Where is your evidence?

Do you/have you monitor(ed) TOR Exit Nodes?

Fact is you don't have any "facts" at all.

I believe your statement is BS.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer

Premium Member

said by NoFactsAtAll :

novaflare:

"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure it's useful to human rights people in other countries but fact is i'd bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated software movies etc off warez sites and bittorrent child porn peddlers etc."

Where is your evidence?

Do you/have you monitor(ed) TOR Exit Nodes?

Fact is you don't have any "facts" at all.

I believe your statement is BS.
You could easily disprove novaflare's statement by providing authoritative evidence that proves the contrary, but I suspect you have "nofactsatall". So, his statement is as valid as yours.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to NoFactsAtAll

Member

to NoFactsAtAll
said by NoFactsAtAll :

novaflare:

"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure it's useful to human rights people in other countries but fact is i'd bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated software movies etc off warez sites and bittorrent child porn peddlers etc."

Where is your evidence?

Do you/have you monitor(ed) TOR Exit Nodes?

Fact is you don't have any "facts" at all.

I believe your statement is BS.
Well anonymous thanks for backing my thoughts up. You by your very presence here as an anon and not providing any proof otherwise proves my thoughts.

So fast to jump in and try to dispute my opinion and my guess at the percentage of legit users vs the illegal users. Tells me a couple things about you.
1 you use tor
2 you are on bittorrent and other warez sites while using the tor network.
and 3

Here's my thought on the popular uses of tor
ban dodging in irc. Facts to back this up instruction for tor clients on connecting to irc. One irc network's instructions were to turn it off while in irc others force you to register your nickname so that they can ban or delete your nick when you break the rules.

bypassing bans on forums. To date i have run into no less than 10 forums where you must register to even read the forums. Reason given spammers who have been using the tor network to get around ip and isp bans. Many of these spam messages were from various bots.

I love the forum admins mentioning the bots using tor as it backs me up really well. It shows without doubt that tor is a great tool for illegal uses and that will be who uses it the most those who are the people breaking various laws. The least of which is the trade of pirated music movies and software.
robo_mojo
join:2006-01-11
Ada, OK

1 recommendation

robo_mojo to Cudni

Member

to Cudni
Another day, another piece of FUD.

The attack vectors detailed in the report are already well-documented and understood by the Tor community. Anyone with a properly configured system running Tor would not even be susceptible to such an attack (by piping DNS through Tor, disabling plugins, etc).

The attack just relies on the victim having a badly configured system. In this case, a good ol' RTFM would help fix the problem.

Derwood2
Wherever you go, there you are
Premium Member
join:2003-01-21
Dayton, OH

Derwood2 to Cudni

Premium Member

to Cudni
I make it real simple for my own network.. I wrote a perl script that puts all Tor exit nodes into a BIND zone file which is used to block access to my web server and mail server.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to robo_mojo

Premium Member

to robo_mojo
said by robo_mojo:

... The attack vectors detailed in the report are already well-documented and understood by the Tor community. Anyone with a properly configured system running Tor would not even be susceptible to such an attack (by piping DNS through Tor, disabling plugins, etc).

The attack just relies on the victim having a badly configured system. In this case, a good ol' RTFM would help fix the problem.
This sounds like you have a solution

Would you please post these "user level" instructions on how to configure his/her PC properly and still have available the common functions users expect when accessing the internet? I have a nontechnical friend who would be interested.

Thanks,

EG
robo_mojo
join:2006-01-11
Ada, OK

robo_mojo

Member

said by EGeezer:

Would you please post these "user level" instructions on how to configure his/her PC properly and still have available the common functions users expect when accessing the internet? I have a nontechnical friend who would be interested.
Read the warnings posted at the top of the download page for a start: »tor.eff.org/download.html.en

The warnings on the download page are a recent addition, to help make the information more accessible to new users who don't yet understand the ins and outs. The information itself has already been known and well-documented by the community for a very long time, and could be understood by reading through documentation and FAQs. The interested user should make himself familiar with the documentation, as he should with any other software. Tor's documentation is actually very well written and easy to read.
robo_mojo

robo_mojo

Member

Also, there's been an interesting discussion about this topic here:
»archives.seul.org/or/tal ··· 082.html

Some of the responses are very insightful.
robo_mojo

robo_mojo to Derwood2

Member

to Derwood2
said by Derwood2:

I make it real simple for my own network.. I wrote a perl script that puts all Tor exit nodes into a BIND zone file which is used to block access to my web server and mail server.
The IP that the exit node connects from is not always the IP that the node publishes to the directory....
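
Added example, not part of the thread and not Derwood2's script: a Python sketch of the blocklist generation discussed in the two posts above, which handles robo_mojo's caveat by listing observed exit addresses alongside published ones. The relay record layout, the `torexit.dnsbl.example.` zone name and the DNSBL-style records are assumptions, and the sample data is constructed.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real relays).
# Columns: nickname, address published to the directory, then the addresses
# exit traffic was actually observed from (comma-separated, may be absent).
SAMPLE_RELAYS = """\
relayA 192.0.2.10 192.0.2.10
relayB 198.51.100.7 198.51.100.99,198.51.100.100
relayC 203.0.113.5
relayD 203.0.113.300 203.0.113.44
relayE 2001:db8::1
"""


def _sorted(addrs):
    # IPv4 before IPv6, then numeric order, so the zone output is stable.
    return sorted(addrs, key=lambda a: (a.version, int(a)))


def parse_relays(text):
    """Parse relay records; malformed addresses are reported, never guessed."""
    relays, rejected = {}, []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        nick = fields[0]
        entry = relays.setdefault(nick, {"published": set(), "observed": set()})
        tokens = [("published", t) for t in fields[1:2]]
        tokens += [("observed", t) for f in fields[2:3] for t in f.split(",") if t]
        for kind, token in tokens:
            try:
                entry[kind].add(ipaddress.ip_address(token))
            except ValueError:
                rejected.append((nick, token))
    return relays, rejected


def block_set(relays):
    """Every address to block: published and observed exit addresses."""
    addrs = set()
    for entry in relays.values():
        addrs |= entry["published"] | entry["observed"]
    return _sorted(addrs)


def missed_by_published_only(relays):
    """Exit addresses a list built from published addresses alone would miss."""
    published = set().union(*(e["published"] for e in relays.values()))
    observed = set().union(*(e["observed"] for e in relays.values()))
    return _sorted(observed - published)


def dnsbl_owner(addr):
    """Reversed-octet (IPv4) or reversed-nibble (IPv6) owner name for the zone."""
    return addr.reverse_pointer.rsplit(".", 2)[0]


def build_zone(addrs, origin="torexit.dnsbl.example.", serial=1):
    """Render a DNSBL-style zone; 127.0.0.2 is the conventional 'listed' answer."""
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 300",
        f"@ IN SOA ns.{origin} hostmaster.{origin} ( {serial} 3600 600 86400 300 )",
        f"@ IN NS ns.{origin}",
        "ns IN A 192.0.2.53 ; placeholder name-server address",
    ]
    lines += [f"{dnsbl_owner(a)} IN A 127.0.0.2" for a in addrs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    relays, rejected = parse_relays(SAMPLE_RELAYS)
    print(build_zone(block_set(relays)), end="")
    for nick, token in rejected:
        print(f"; skipped malformed address {token!r} for {nick}")
    for addr in missed_by_published_only(relays):
        print(f"; observed-only exit address: {addr}")
```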

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA

1 edit

1 recommendation

Thaler to Nanaki

Premium Member

to Nanaki
said by Nanaki:

Fact is tor is mostly used by pirates and those downloading other illegal data.
Pulling statistics outta our ass today, are we?

Seriously, anyone using Tor for illegal downloads is a moron. The amount of speed you sacrifice for security is counterproductive. Yes, you can download that latest movie undetected...but do you really want to wait a week to download a movie?

A visit to any old "linksys" ISP would be more fruitful.

(edit) Not to mention, "bastardizing" a technology for its potential illegal services is stupid. Hell, FTP could very well be a valid method to transfer illegal files. Would that be reason to go after it with a criminal vengeance? Or how about pursuing Photoshop users since child porn peddlers might be using it too?

Quite the slippery slope.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

said by Thaler:
said by Nanaki:

Fact is tor is mostly used by pirates and those downloading other illegal data.
Pulling statistics outta our ass today, are we?

Seriously, anyone using Tor for illegal downloads is a moron. The amount of speed you sacrifice for security is counterproductive. Yes, you can download that latest movie undetected...but do you really want to wait a week to download a movie?

A visit to any old "linksys" ISP would be more fruitful.

(edit) Not to mention, "bastardizing" a technology for its potential illegal services is stupid. Hell, FTP could very well be a valid method to transfer illegal files. Would that be reason to go after it with a criminal vengeance? Or how about pursuing Photoshop users since child porn peddlers might be using it too?

Quite the slippery slope.
Maybe i am pulling them from where the sun don't shine but fact is i'd bet they're also not too damn far off. As for the linksys comment lol. I love to go for a shotgun ride with a friend with my lappy. So many open aps it's not even funny no more. Last war drive was 5 miles give or take around my house and i picked up about 300 aps of which 210 were open. I was picking up new ones so fast it made netstumbler choke a few times.

TOR is risky pure and simple it is nothing more than a fancy proxy period. Whoever controls an exit node you are on controls what you see it doesn't take much work to set up a proxy like squid on a computer without tor running. Have the comp with tor running going through that squid proxy in transparent mode and when you're the exit node you got the data as it was sent or is being received by the user on the other end. No manner of set up on client side will stop it.

If i set up a smoothwall box on my lan for example no one on my lan can bypass the proxy if it's in transparent mode. This is because it is before the modem. It's not until you're past the modem and out on the net when you can start to use other proxies or see what you want to see. If smoothwall blocks access to google.com by the word google for example. When you try to go to google.com or any url containing google in it you'll see what i want you to see. Use a proxy to access google too bad you'll still see what i present you with. If i decide to hard cache google.com you will see my cached page and not google.

If i do this with tor and i'm your exit node then guess what you see? You will see my copy of google not googles live copy.

This is where the danger of tor is at.

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA

Thaler

Premium Member

said by Nanaki:

Maybe i am pulling them from where the sun don't shine but fact is i'd bet they're also not too damn far off.
*shrugs* All I've actively seen Tor used for is mailing/posting/etc. system anonymity. As I've said before, the amount of node-hopping packets make when using Tor renders it a piss-poor choice of P2P client. That discouraging fact alone leads me to believe that folks aren't swamping Tor systems trying to download TMNT or whatever.
said by Nanaki:

TOR is risky pure and simple it is nothing more than a fancy proxy period.
Well hell, sex itself too is risky, yet it's still performed a lot throughout the globe.

There's not much that's 100% guaranteed out there, other than death and (maybe) taxes. Tor's definitely one of the better choices in "easy" anon proxy anonymity, but in no way is the system infallible. Hell, DNS spoofs have been around for ages now, and folks still use them for regular web traffic daily.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

said by Thaler:
said by Nanaki:

Maybe i am pulling them from where the sun don't shine but fact is i'd bet they're also not too damn far off.
*shrugs* All I've actively seen Tor used for is mailing/posting/etc. system anonymity. As I've said before, the amount of node-hopping packets make when using Tor renders it a piss-poor choice of P2P client. That discouraging fact alone leads me to believe that folks aren't swamping Tor systems trying to download TMNT or whatever.
said by Nanaki:

TOR is risky pure and simple it is nothing more than a fancy proxy period.
Well hell, sex itself too is risky, yet it's still performed a lot throughout the globe.

There's not much that's 100% guaranteed out there, other than death and (maybe) taxes. Tor's definitely one of the better choices in "easy" anon proxy anonymity, but in no way is the system infallible. Hell, DNS spoofs have been around for ages now, and folks still use them for regular web traffic daily.
More frightening to me is open wifi aps with the routers having defaults admin passes. I can set up bind powerdns or other dns servers fairly easy and do some pretty cool stuff. Local lookups vs using your isps for example. You'd not believe how much faster it can be to have google.com looked up on your local dns server than an isp or net based one. It can speed up the overall page load from time you hit enter till time you're using google by a huge amount.

imagine this. I get on someone's wifi. Look at their router logs to see what bank they use. Now I fire up my dns server and make sure that their banks page is in my entries. I fire up my web server with a copy of that banks page that i modded to send me their info when they hit submit as well as logging them in to their account that is not served from my server. All i need to do now is change their dns server in their routers configs to point to 192.168.1.111 the ip i manually configured for my wifi connection. Then i take a nap in my custom mini soccer mom/dad looking van while i wait for them to log in. Or i drop a few repeater mode mini aps running off battery packs in bushes between my motel room and their house.

Now that is freaking scary. No freaking anti phishing tech out today will stop it. Even the sec cert may show all is well and good. Even if it warns it won't matter cause 90% of people will choose to ignore that glaring warning.

Hell my domain control panel cert shows invalid guess what i do? Continue any way. Sad but true experience has taught me that many a web site's cert is invalid for one reason or another. So i foolishly assume this is always the case and know what they say about assume? It makes an ass out of you and me...

This is why i do very little online shopping unless its with a green dot prepaid visa card and no online banking.
robo_mojo
join:2006-01-11
Ada, OK

1 edit

robo_mojo

Member

said by Nanaki:

Now that is freaking scary. No freaking anti phishing tech out today will stop it. Even the sec cert may show all is well and good. Even if it warns it won't matter cause 90% of people will choose to ignore that glaring warning.
Your self-signed cert would likely NOT show up as "well and good". To avoid any warnings, you would have to buy a cert from one of the cert authorities trusted by the user (his browser will show a warning if your cert does not come from an authority that it trusts). So you will have to trick an authority into believing that you are the bank requesting a cert. It may be unlikely (though not impossible I guess).

Though I agree that most people probably wouldn't even be suspicious of a cert warning, anyway.
Hell my domain control panel cert shows invalid guess what i do? Continue any way.
You probably ought to call up your provider and ask them about that. I wouldn't be doing business with them if they can't even get their own certs right.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by robo_mojo:
Hell my domain control panel cert shows invalid guess what i do? Continue any way.
You probably ought to call up your provider and ask them about that. I wouldn't be doing business with them if they can't even get their own certs right.
I have seen this many times with multiple web hosting companies. It isn't that they can't get it right, it is that they want their customers to pay to have a certificate installed.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

said by NetFixer:
said by robo_mojo:
Hell my domain control panel cert shows invalid guess what i do? Continue any way.
You probably ought to call up your provider and ask them about that. I wouldn't be doing business with them if they can't even get their own certs right.
I have seen this many times with multiple web hosting companies. It isn't that they can't get it right, it is that they want their customers to pay to have a certificate installed.
Won't catch me bitching about it not when it's a full featured host and free for life.

Point is most do ignore these errors maybe not the first time they get it for a site. They may do some digging do some googling check and see if others get the error as well etc. If all checks out then they assume incorrectly it always will. Course they are probably right. While i may use an open wifi ap i won't abuse the router changing settings etc. I may be currently jobless but i'd never consider stealing from anyone else.

But that's just me others will do just that. I think if this becomes the next big bank account theft deal router manufacture may have to end up paying out settlements. These open aps and default passes have to go. Open ap alone is fine and pretty harmless but when i can get at someone's settings or even upgrade their firmware that's just a really bad thing.

cdigioia
Premium Member
join:2005-06-08
korea, repub

cdigioia to spy1

Premium Member

to spy1
said by spy1:

My current philosophy is to forget anonymity, stand behind everything you post anywhere without flinching and be ready and able to deal with any consequences. Pete
That kinda sucks if one lives in a repressive nation.