[vox] Rant: the suckiness of http://www.sectoor.de/ and their "tor blacklisting"

ME dugan at passwall.com
Sun Jul 10 12:59:57 PDT 2005


ME said:
[chop]

I have been thinking about this a bit more and have some interesting
thoughts on how this service can be used against people.

This service relies upon an rDNS lookup which, for the most part, happens
over port 53 UDP.

As we know, UDP is a connectionless protocol.

Being a connectionless protocol, it is easier to forge UDP packets without
a true "session" than it is to forge TCP packets with syn and ack numbers.

DNS Caching attacks have been known to exist for quite a while, and there
are some methods to try to deal with them.

Find a target user that uses a service that subscribed to the tor system.

Understand what DNS their service uses, and attempt to poison their "toor
blacklisting client" with 127.0.0.1 replies for your target user's IP
address.

Why could this work? Because the validity of information relies upon an
untrusted and insecure protocol that is easily forged.

All that remains is the construction of tools that can take advantage of
this, and the value of the tor blacklisting service is decreased.

Patrons of a service that can be abused in this way risk marginalizing
their own customers.

Now that it is summer, I should consider starting a new project. ]:>
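
The checks a blacklist client's resolver can apply to a UDP DNS reply, as an added example that is not part of the original post. The zone `dnsbl.example`, the addresses and all helper names are assumptions for illustration, and the packets are constructed; a reply that passes is still unauthenticated, which is the weakness the post describes.

```python
import ipaddress
import struct

ZONE = "dnsbl.example"  # placeholder zone (assumption), not the real service's zone

def dnsbl_qname(ip, zone=ZONE):
    """1.2.3.4 -> 4.3.2.1.<zone>, the name a DNS blacklist client looks up."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(txid, qname):
    # Header: id, flags (RD set), qdcount=1, an/ns/ar=0; question: name, type A, class IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", 1, 1)

def build_reply(txid, qname, addr):
    # Constructed test fixture: response with one A record, owner name compressed to offset 12
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    q = encode_name(qname) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(addr).packed
    return hdr + q + rr

def accept_reply(query, reply, sent_to, came_from):
    """Sanity checks on a UDP reply. Returns (ok, reason)."""
    if came_from != sent_to:
        return False, "source address/port mismatch"
    if len(reply) < 12:
        return False, "short packet"
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qd = struct.unpack("!HHH", reply[:6])
    if not r_flags & 0x8000:
        return False, "not a response"
    if r_id != q_id:
        return False, "transaction id mismatch"
    qlen = len(query) - 12
    if r_qd != 1 or reply[12:12 + qlen] != query[12:]:
        return False, "question section mismatch"
    # Nothing above proves who sent the packet: it only shows the sender knew
    # (or guessed) the 16-bit id, the port pair and the question.
    return True, "passes checks (still unauthenticated)"

if __name__ == "__main__":
    resolver = ("198.51.100.53", 53)            # constructed resolver address
    name = dnsbl_qname("192.0.2.10")            # constructed client address
    query = build_query(0x1A2B, name)
    print(name, accept_reply(query, build_reply(0x1A2B, name, "127.0.0.1"), resolver, resolver))
    print(name, accept_reply(query, build_reply(0x0001, name, "127.0.0.1"), resolver, resolver))
```

A client that needs more than this has to authenticate the data itself, for example with DNSSEC validation, or treat a blacklist hit as advisory rather than as grounds to block.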


