Hi Frank, I suspect you're asking about TorFlow because of SoaT (Snakes on a Tor). That's no longer a thing. Rather, ExitMap is the new hotness...
http://www.cs.kau.se/philwint/spoiled_onions/ Philipp is still active in this space if you have questions about it. Cheers! -Damian On Mon, Mar 9, 2015 at 4:15 PM, Francois Valiquette <[email protected]> wrote: > Hello, > > I am a master student in System Information Security in Canada and I am > doing a project which will evaluate the security of the Tor Exit Nodes in a > Tor user perspective. > > By reading the documentation of torflow, it is yet not clear to me, exactly > which tests you are doing. One part of my project is to make a description > of each possible attack an Exit Node can make and a description of a > detection/mitigation mechanism for each of the attack but also I would like > to implement one or more tests that have not been implemented by torflow. > > Here is a list of attacks that we think that a malicious Exit Node could do. > The list is not complete, we will expand it. I would like to know, what type > of attacks have you not tested and also, feel free to complete this list. > > -SSL and none SSL Sniffing (Session Hijacking, emails, web URL, IRC > channel, FTP ) > -Virus Injection (Linux, OSX, Windows, Android) > -Misc Injection/Tampering: advertisements, JavaScript, etc > -Pharming Attacks > -DNS Rebinding > -SSL MITM with CN > -SSL MITM (revoked certificate, expired certificate and untrusted > certificate) > -SSL Downgrade attacks > -SSL stripping > -Dropping TLS connections > -Spurious RST packets > -Exploiting Bittorrent Tracker to reveal a user’s real IP > > > Thank you for reading and sorry for the long post > Frank > > > _______________________________________________ > tor-dev mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev > _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
