On Dec 9, 2007 1:29 AM, jf <[EMAIL PROTECTED]> wrote: > > ... scanning of > > the Tor network and rapid flagging of "bad exit"... > > lemme know if you need ointment with that band-aid.
Tor, like wireless, is susceptible to denial of service with little effort. the goal of exit scanning is not to protect clients from MITM at malicious exits (that can and will always happen) but merely to reduce the scope of denial of service introduced when a rogue exit is performing active attacks. (that is, if your implementation is vulnerable, you will be fucked. the only question is when will you be fucked, yes proper fucked, tommy. however, a proper implementation and quick flagging at the DA's lowers the frequency with which you would chose this rogue node as your exit (which fails, causing a denial of service for all paths exiting there, but does not lead to exploitation and is remedied once a new circuit is built...) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
