[vox] Rant: the suckiness of http://www.sectoor.de/ and thier
"tor blacklisting"
Micah J. Cowan
micah at cowan.name
Mon Jul 11 11:28:38 PDT 2005
On Sun, Jul 10, 2005 at 12:59:57PM -0700, ME wrote:
> ME said:
> [chop]
>
> I have been thinking about this a bit more and have some interesting
> thoughts on how this service can be used against people.
>
> This service relies upon an rDNS lookup which, for the most part, happens
> over port 53 UDP.
>
> As we know, UDP is a connectionless protocol.
>
> Being a connectionless protocol, it is easier to forge UDP packets without
> a true "session" than it is to forge TCP packets with syn and ack numbers.
>
> DNS Caching attacks have been known to exist for quite a while, and there
> are some methods to try to deal with them.
>
> Find a target user that uses a service that subscribed to the tor system.
>
> Understand what DNS their service uses, and attempt to poison their "toor
> blacklisting client" with 127.0.0.1 replies for your target user's IP
> address.
Seen on slashdot today:
http://it.slashdot.org/article.pl?sid=05/07/11/1210231&tid=172&tid=218
"Launching Anonymous Attacks Using the Tor Network"
More information about the vox
mailing list