New "worst nightmare" for network admins

There is a NEW "worst nightmare" for network admins, and its name is Tor. It can defeat all filtering, monitoring, and traffic analysis because the data is encrypted and sent through random addresses and ports all over the world. And by logging to Privacy net several times, I have seen the addresses of various government and corporate networks show up on address analysis. So someone on your network could have Tor running on their workstation, and you would NEVER know it. We are now running our own online radio station on Live 365, which we will be using for online audio broadcasts of figure skating events this coming season, and tests with Tor show that the Player 365 application will run through Tor with no problem. So anyone out on your network could be listening to our station, or any other Live 365 station, and you would NEVER know what they were up to because the data has such good military-grade encryption that Tor is actually used by troops in the War On Terror to communicate with top brass back in Washington, it is good enough for the military to trust it. It is incredible the number of government and corporate workstations that Tor is running on. Logging on and off the system several times, and doing an analysis with Network tools every time I log back on, often shows a workplace computer that is left on and running Tor, even on the weekends. As for people that are running Linux, you are not safe from Tor either, as there is a Linux version of Tor available, so someone could have Tor on their Linux workstation as well.

Reply to
Chilly8

Wrong. Tor cannot defend against traffic and timing analysis. A proposed extension to address these issues is the AN.ON/JAP project.

Once again bullshit. Why TF would an admin allow users to run arbitrary programs?

Anyway, what do you want to tell? Tunneling is an inherently unsolvable problem.

Reply to
Sebastian Gottschalk

The military would not be using it if they could not trust it. The military uses Tor in the field to communicate with the top brass in Washington, because the packets cannot be analysed, cracked, or sniffed. It is military grade encryption that the military, as well as Homeland Security, the FBI, and other government agencies involved in the War on Terror are using. The data packets cannot be sniffed by ANY of America's enemies, the security is THAT good. So if the intelligence agencies of America's ENEMIES cannot crack, sniff, or analyse it, neither could your typical corporate network admin. And this includes potential enemies such as Russia and China. If the RUSSIAN KGB cannot crack, sniff, or analyse the data, then neither can the typical corporate network admin.

Well, when I check my address when logging on via Tor, I do often find myself at the address of a corporate or government network. There are more users than you might think running Tor nodes on their workstations. The way that Tor works, is the proxy randomly forwards you to a Tor node, which handles your traffic. I have found that numerous educational institutions, corporations, and government have machines on their networks running Tor and Privoxy. The network admins are probably unaware that corporate workstations are running as Tor nodes, forwarding whatever traffic is routed through them.

Reply to
chilly8

How about if connections to Tor nodes are blocked, there is already a blacklist being hosted

John

Reply to
John Mason Jr

This is not a "nightmare", but a software program for implementing privacy.

What's your problem with it?

Yours, VB.

Reply to
Volker Birk

There is a chink in that armor, though. Privoxy, which puts someone on the Tor network, can be run on someone's home computer. One could simply start up on their home machine, and then connect to their Privoxy server from work, and that would defeat any blacklist you put up, since the person's home computer, running Privoxy, would be handling the traffic to and from Tor. You would see an encrypted connection to someone's home computer, but you would not know what was going on.

Reply to
chilly8

You have been here before spouting the same tripe. Any network admin can spot an unusual stream of encrypted data flowing to and from a workstation. Depending on the environment, that can be an instant tip off that the user is up to no good. An admin can also use tools to see what applications are running on a workstation. Again, anything that looks out of the ordinary is a red flag.

And you keep forgetting the admin's ability to remotely view the screen of any workstation, and the keystroke logging programs used by many companies to give them hard copies of the legal backing for firing someone.

Your repeated "admins worst nightmare" delusions are just a way to give clueless users a false sense of security that could get them fired from their jobs.

An admin might overlook it if you were broadcasting football, soccer, or hockey... but fruity figure skating events? Get real. Sorry, but anything involving men dressed like Las Vegas showgirls is a clear violation of the network policy.

Reply to
Spender

It's not my problem. But it WILL be for network admins. I am the "worst nightmare" guy that used to work for Anonymous Antarctic Media, and I have since gone off and founded my own media company. With a Live 365 Professional broadcast account, one can get on the air fairly quickly. I run my own online talk show as well, and one of my listeners told me about it the other day. She uses it from her workplace in Las Vegas, so she can listen to my talk show, and her boss has no CLUE as to what she is up to. She listens to my show from work, if I happen to be broadcasting at that time, and her boss does not know she is doing this. As a result, I now encourage my listeners to download and use Tor, if they are going to listen from work, especially with the upcoming figure skating season. They will be able to listen to live online audio, and if they use Tor, the boss will NEVER know what they are up to, because of the military grade encryption, that is actually used by the United States Government in the War on Terror, the security is THAT good.
Reply to
chilly8

An interesting thing about the Internet is that it provides soapboxes to all who can afford them, whether law abiding or not, and whether ethical or not.

Reply to
Walter Roberson

Oh, my - it's September, and the failing students from "Introduction to the Fundamentals of Concepts of Networking" are back.

Just because _you_ can't imagine how police detect drunken drivers doesn't prevent them from doing so. Just because you don't understand network packets doesn't mean everyone else is as clueless about the subject.

You also are displaying a substantial lack of knowledge of the world.

I can't help it if you missed that point about 'end points' and packet counting.

That's simply because you don't understand RFC0791 and RFC0894. Don't give up your day job wiping tables and emptying trash bins at McDonald's.

You wouldn't have the first clue how to detect _ANYTHING_ running on a network.

Yeah - I probably shouldn't mention this, but there is a sure fire method of detecting this. It's so obvious a solution that animals, both hunters and hunted, have been using it since they began to hunt several thousand years ago. That's enough of a clue for a dairy cow - wonder if you might notice it.

Old guy

Reply to
Moe Trin

And there are programs on the market that can hunt down and destroy these things. There are a number of anti-spyware programs that can hunt down and destroy any keyloggers, application monitors, screen monitors, etc, etc, placed on your machine. If they go to examine the machine's logs, they get nothing, because there are no logs to examine on account of the various keyloggers and other spyware programs having been destroyed.

Reply to
chilly8

It uses it because it defends well against routing analysis, and nothing else. Traffic and timing analysis are way harder to mount, and might not be so relevant for simple military purposes, so it doesn't matter if the anonymization process fails for a more powerful attack.

Well, encryption hasn't much to do with TOR.

Wait a moment. The only source for the military evaluation of encryption is the DoD, which is only accountable for general military organization and the Navy. Unless you can state some relevant sources, there's nothing known about what encryption is used in military forces.

I guess you meant "War for Terror". :-)

They can. The first node can always compromise the entire security by mounting a man-in-the-middle attack, so can anyone between the client and the first node, or the server and the last node.

Encryption is used in TOR to securely implement the Onion Routing algorithm, and nothing else.

Who cares specifically for America?

Who cares for edu networks? They're not supposed to defend against tunneling.

OK, you found out that there're many stupid/incompetent admins. That's why you have to address every other admin as such and tell them about things they're supposed to be too stupid to handle adequately? With all your FUD?

No, you really don't understand the issue.

Yes, awareness is a problem. TOR isn't.

Reply to
Sebastian Gottschalk

Seems like you understand that TOR really isn't the issue.

Reply to
Sebastian Gottschalk

And if they were to find security applications mysteriously missing on a workstation... well, you do the math.

Reply to
Spender

Walter Roberson wrote:

Well, Professional-level broadcast accounts can get stats on where people are connecting from, and as of right now, there is someone connected to my station using a Tor node in Bergen, Norway. It could be the caller that was on my show the other day, or someone else who heard it. I am currently on holiday for this week to watch the eclipse from down in French Guiana, so I am not running any shows this week, and I have music in the storage space provided by Live 365, which kicks on whenever there is no live broadcast, and the user through the Tor network signed on at 2:01 PM Pacific Daylight Time, according to the stats, and is still on at 3:27 PM Pacific Daylight Time. If it is someone listening to my station from work, the boss will NEVER KNOW what is going on because the data stream is encrypted. Plus, Live 365 VIP listeners, which this listener is, also get 128-bit SSH/SSL encryption, so even without Tor, the outgoing data would still be encrypted. With a data stream that has been encrypted twice, once by Live 365, and then again by Tor, if someone at their work is listening, being that it is still the workday in the western part of North America, the boss will never find out what happened. For any network admins reading this, at this time, that person could be in YOUR shop listening to my station, and right under your nose, and you would have no CLUE what was going on, primarily because I keep the bitrate, when the automated music kicks on from Live 365, just enough to keep good enough fidelity, but low enough where the bandwidth usage, per hour, would be no more than what an average Web download would be, amounting to only a few megabytes, so it will not stick out like a sore thumb when bandwidth statistics are compiled. When I do my talk show, or we broadcast anything else live, I drop the bandwidth usage down even further. A 12K bitrate is low enough for talk radio, or to broadcast figure skating, or other sporting events. I raise it to 24K when the automatic music from Live 365 kicks on after live broadcasting is finished.
Reply to
chilly8
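
The blacklist check John Mason Jr suggests and the stream-spotting Spender describes can be combined over flow records; the following is an added example, not part of the original thread. The relay addresses, allowlist, internal range, thresholds and flow records are constructed assumptions; the 86-minute, 12 kbit/s flow mirrors the session described in the post above.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed relay blacklist (documentation addresses, not real relays).
TOR_RELAYS = {ip_address("198.51.100.7"), ip_address("203.0.113.50")}
# Hypothetical allowlist: external hosts with a business reason for long sessions.
ALLOWED_LONG = {ip_address("192.0.2.10")}
INTERNAL = ip_network("10.0.0.0/8")    # assumed internal address space

MIN_DURATION = timedelta(minutes=60)   # assumed threshold
MAX_AVG_BPS = 64_000                   # assumed ceiling for "low and steady"

T0 = datetime(2024, 1, 8, 14, 1)       # constructed start time
# Constructed flow records: (src, dst, dst_port, start, end, bytes)
FLOWS = [
    # direct connection to a blacklisted relay
    ("10.0.0.21", "198.51.100.7", 9001, T0, T0 + timedelta(minutes=5), 400_000),
    # 86 minutes at 12 kbit/s to an unlisted host (the home-relay case)
    ("10.0.0.34", "203.0.113.99", 8118, T0, T0 + timedelta(minutes=86), 7_740_000),
    # long session to an allowlisted host
    ("10.0.0.40", "192.0.2.10", 443, T0, T0 + timedelta(minutes=120), 20_000_000),
    # ordinary short web download
    ("10.0.0.55", "203.0.113.80", 443, T0, T0 + timedelta(minutes=2), 3_000_000),
]

def classify(flow):
    """Return a finding label for one flow record, or None."""
    _src, dst, _port, start, end, nbytes = flow
    dst_ip = ip_address(dst)
    if dst_ip in TOR_RELAYS:
        return "tor-relay"
    duration = end - start
    if duration < MIN_DURATION or dst_ip in ALLOWED_LONG or dst_ip in INTERNAL:
        return None
    avg_bps = nbytes * 8 / duration.total_seconds()
    # Volume alone would not stand out; duration plus a steady low rate does.
    return "long-low-rate" if avg_bps <= MAX_AVG_BPS else None

def findings(flows):
    """List (src, dst, label) for every flagged flow."""
    return [(f[0], f[1], label) for f in flows if (label := classify(f))]

if __name__ == "__main__":
    for src, dst, label in findings(FLOWS):
        print(f"{src} -> {dst}: {label}")
```

The second finding never touches the relay list: it is flagged on session length and steady low rate alone, which is the only signal left once the Tor hop is moved to a host outside the network.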

Moe Trin wrote: ^^^^^^^^^^^^^^^^^^^^^^ I don't think that could be a valid domain

Well, and I have the feeling that you missed that almost any legitimate server can be easily abused as end point, by transferring states or passive routing. The only thing you can control are the endpoints in your administrative domain, by not allowing to run arbitrary programs - and even that can be quite tricky.

Those RFCs don't state anything about the unavoidable existence of tunnels and estimating their bandwidths. Hint: It's not a network problem.

Being unable to break strong steganography isn't a network problem either.

Reply to
Sebastian Gottschalk

No, it will only be a problem for incompetent network admins.

The "use" part implies that the user is able to execute the program. Any proper administration will stop the issue at exactly this point. Problem solved, no "nightmare".

Reply to
Sebastian Gottschalk

And why should a user be able to execute such applications in the first place? Just remove exec rights globally (trivial on security-enhanced Linux, trivial on Windows XP with Software Restriction policies, trivial with certain third-party security solutions for Windows 2000 and NT4), and only allow execution of all relevant applications.

And why should a user be granted with administrative privileges that are required to shut down privileged daemons or to run such programs which simply require administrative privileges to shut down privileged daemons?

All a big non-issue.

Reply to
Sebastian Gottschalk

I doubt that, if I'm implementing a small keylogger, they will find it.

Yours, VB.

Reply to
Volker Birk

A lot of BS.

************************************************************

I have disabled connections for less reasons! Unknown heavy traffic? --> I don't care if it's Napster, WebTV/Radio, ftp, nntp, bit-torrent, mail or whatever --> heavy traffic is not allowed here! --> your MAC address will be disabled! If you have legitimate traffic (even heavy) no problem! Low traffic on "strange" ports CAN raise questions! Heavy traffic on ANY port will raise questions! Anybody trying to circumvent the firewall: You don't want to be the one!

For your info: I'm running a "public accessible Hotspot". This means that there is a lot of "strange" traffic but 99.9% of all people are well behaved! Only 1 (one) MAC address is permanently banned (Or until that laptop gets the "spamware" removed) Only 2 out of way more than 1000 people tried to abuse the network connection! After closing all bit-torrent ports permanently and a short talk, they behaved.

Rudy

Reply to
God Rudy
