I was thinking about creating a Tor clone and seeing the traffic going to it, something that simulates a Tor relay with a virtual file system.

Cannon <can...@cannon-ciota.info> wrote: (11 October 2016 19:48:19 CEST)
>On 10/11/2016 04:17 PM, Flipchan wrote:
>> is ofc not connected to the Tor Network.
>
>What is "ofc" ?
>What would be advantages of having it disconnected from Tor network?
>Having the honeypot not listed in the Tor directory servers would only
>detect scanners or adversaries that identify targets based on port
>number. If I was an adversary I would just refer to the directory
>server for listings of Tor routers instead of doing internet wide scans
>which could take up to a day.
>If concerned about "normal Tor traffic" acting as a cover for malicious
>traffic, then perhaps sort log data through a filter omitting traffic
>based on following criteria:
>
>1. OMIT traffic to/from known Tor Nodes and their listed ports, WHICH
>ALSO INCLUDES traffic pattern matching normal Tor traffic.
>
>So what this filter would do is omit traffic between your honeypot node
>and other Tor nodes, while bringing to attention traffic that is
>connecting to/from non Tor routers or non Tor related ports or traffic
>that may be connecting to other Tor routers/ports but with non standard
>Tor traffic.
>
>So even if an adversary is mass hacking Tor from a Tor router as cover,
>this would likely pick up traffic that is not matching that of standard
>Tor traffic.
>--
>
>Cannon
>PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832
>Email: can...@cannon-ciota.info
>Bitmessage Address: BM-2cVaTbC8fJ5UDDaBBs4jPQoFNp1PfNhxqU
>Ricochet-IM: ricochet:hfddt2csxnsb2mdq
>
>NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD
>BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE.
>If this matters to you, use PGP or bitmessage.
>--
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--
Sincerely
Flipchan
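
The log filter described in the quoted message, as an added example that is not part of the original thread. It covers only the address and port part of criterion 1 (not traffic-pattern matching); the log format, the honeypot address and the relay list are constructed assumptions using documentation IP ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real relays).
HONEYPOT = ("203.0.113.10", 9001)   # assumed honeypot address and its ORPort
KNOWN_RELAYS = {                    # assumed relay list: IP -> listed ports
    "192.0.2.5": {9001, 9030},
    "198.51.100.7": {443},
}
# Assumed log format: timestamp src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2016-10-11T19:50:01 192.0.2.5 51544 203.0.113.10 9001
2016-10-11T19:50:04 203.0.113.10 40112 198.51.100.7 443
2016-10-11T19:50:09 192.0.2.77 40222 203.0.113.10 9001
2016-10-11T19:50:12 192.0.2.5 51600 203.0.113.10 22
2016-10-11T19:50:15 203.0.113.10 40113 198.51.100.7 8080
not a log line
"""

def classify(line):
    """Return ("omit" | "flag", reason) for one connection log line."""
    parts = line.split()
    if len(parts) != 5:
        return ("flag", "unparseable line")   # fail closed: never drop silently
    _, src, _, dst, dport = parts
    try:
        src = str(ipaddress.ip_address(src))
        dst = str(ipaddress.ip_address(dst))
        dport = int(dport)
    except ValueError:
        return ("flag", "unparseable line")
    hp_ip, hp_orport = HONEYPOT
    if dst == hp_ip:       # inbound: only the honeypot's own ORPort is expected
        peer, allowed = src, {hp_orport}
    elif src == hp_ip:     # outbound: only the peer relay's listed ports
        peer, allowed = dst, KNOWN_RELAYS.get(dst, set())
    else:
        return ("flag", "honeypot is not an endpoint")
    if peer not in KNOWN_RELAYS:
        return ("flag", f"peer {peer} is not a listed relay")
    if dport not in allowed:
        return ("flag", f"port {dport} is not a listed Tor port")
    return ("omit", "listed relay on listed port")

def flagged(log_text):
    """Keep only the lines the filter brings to attention, with the reason."""
    results = [(line, classify(line)) for line in log_text.splitlines()]
    return [(line, reason) for line, (verdict, reason) in results if verdict == "flag"]

if __name__ == "__main__":
    for line, reason in flagged(SAMPLE_LOG):
        print(f"{reason}: {line}")
```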