>> TCP injection attacks are not the same as man-in-the-middle
>> attacks... but rather are categorized as man-on-the-side. The
>> difference is important because MoS is *much* cheaper for these
>> various (not just NSA) entities to execute. MoS means you do not
>> have to pwn a route endpoint at the site of your TCP injections...
>> you can inject from almost anywhere as long as you can win the
>> race.
>>
>> I will discuss this point in my write up... and I will write a
>> section specifically for Tor exit relay operators who are
>> interested in using HoneyBadger.
>
> What about the approach of detecting/preventing those attacks at the
> user endpoint? Like enforcing HTTPS-connection (HTTPS-Everywhere) and
> prohibiting/announcing redirects.

Tor users will not be able to detect these attacks on their infrastructure; hence my message to Tor exit relay operators.

It is possible to add a "prevention" mechanism to HoneyBadger; an event-based firewall ruleset generator made to block TCP injection attacks as they are happening... yes. This is possible. I could write that if there was interest from enough people.

Yes... users of the Internet should give up using plain-text protocols to stay safer. HTTPS-Everywhere and the various other related efforts by the EFF are all a great help towards keeping people safer.
