In-Reply-To: <20150430181745.GL10036@mail2.eff.org>
References: <55427070.5050907@georgetown.edu> <55427148.2010000@georgetown.edu>
 <20150430181745.GL10036@mail2.eff.org>
Date: Thu, 30 Apr 2015 14:20:34 -0400
Message-ID: <CAJOXXmxXYKQtpcWuU_ySO9y4kyGUK6+Tj33XL1bNgu=hqNNwTA@mail.gmail.com>
From: Frederick Zierold <Frederick.Zierold@georgetown.edu>
To: tor-talk <tor-talk@lists.torproject.org>
Subject: Re: [tor-talk] What is being detected to alert upon?
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>

Thanks for replying.  I understand it is a spy vs spy type of situation but
what do they see currently?  I don't believe they are seeing it by the IP
addresses (or so they claim).

Is it something in the handshake that is triggering the alert?



On Thu, Apr 30, 2015 at 2:17 PM, Seth David Schoen <schoen@eff.org> wrote:

> Frederick Zierold writes:
>
> > Hi,
> >
> > I am very curious how a vendor is detecting Tor Project traffic.
> >
> > My question is what are they seeing to alert upon?  I have asked them,
> > but I was told "that is in the special sauce."
> >
> > Is the connection from the user's computer to the bridge encrypted?
> >
> > Thank you for your insight.
>
> Are they detecting non-public bridge traffic, or only normal entry
> guards?
>
> Detection and obfuscation is kind of a big topic that's been around for
> some years, so there are a lot of possibilities.
>
> --
> Seth Schoen  <schoen@eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Frederick Zierold, CISSP
University Information Security Office (UISO) Security Analyst

Direct: 202-687-5784
Office: 202-687-3031
Fax: 202-687-1505

UISO Security Services:
http://security.georgetown.edu, 202-687-3031 or security@georgetown.edu

UISO Identity & Access Management Services:
http://netid.georgetown.edu, 202-687-2999 or netid@georgetown.edu
https://www.facebook.com/GeorgetownTechnology

