On Tue, 22 Mar 2011 21:19:46 -0700
Mike Perry wrote:
> > > But, if the EFF runs an exit enclave at observatory.eff.org, shouldn't
> > > this solve the same-circuit correlation problem? Tor should prefer
> > > using that exit enclave in all cases when it is up in this case.
> >
> > This won't wor
On Tuesday 22 March 2011 17:37:44 e...@riskproof.no-ip.org wrote:
> I have tried no further to determine whether that data is some
> protocol or actually protocol. I simply assumed protocol as
> one(*) would expect by seeing port 22.
Telling ssh traffic from Tor traffic on port 22 is easy. The
> Wed, 23 Mar 2011 11:54:37 -0400 (EDT)
> From: cmeclax-sazri
>
> Telling ssh traffic from Tor traffic on port 22 is easy. The ssh connection
> begins with an exchange of ssh version numbers in the clear, then a list of
> ciphers. Connecting to a Tor port and sending an SSH version wil
Ooops... a typo in there. Also, reformatted the rule string to
make it more readable.
better make that:
iptables -A INPUT -p tcp \! -f -m connbytes --conbytes 0:255 \
-m state ESTABLISHED -m length --length 46:375 -m u32 \
--u32 "o>>22&0x3C@ 12>>26&0x3C@ 0=0x5353482D" -j DR
Yet another typo... the 1st char in the quoted-string for --u32 should
be the digit zero (0) instead of lower-case oh (o).
iptables -A INPUT -p tcp \! -f -m connbytes --conbytes 0:255 \
-m state ESTABLISHED -m length --length 46:375 -m u32 \
--u32 "0>>22&0x3C@ 12>>26&0x3C@ 0=0x53
Thus spake Robert Ransom (rransom.8...@gmail.com):
> On Tue, 22 Mar 2011 21:19:46 -0700
> Mike Perry wrote:
> > Yeah, we need to start issuing requests for the IP, because the DNS
> > request itself is an anonymity set fragmentation issue (since it won't
> > go to the enclave, but will be mixed w
