Delivery-Date: Sat, 21 Nov 2015 17:37:12 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 30C671E0AEA;
	Sat, 21 Nov 2015 17:37:11 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 384B436A2C;
	Sat, 21 Nov 2015 22:37:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7C0C136918
 for <tor-talk@lists.torproject.org>; Sat, 21 Nov 2015 22:37:01 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tNR5CpBF99LE for <tor-talk@lists.torproject.org>;
 Sat, 21 Nov 2015 22:37:01 +0000 (UTC)
Received: from smtp.rlogin.net (pipe.rlogin.net [213.138.100.26])
 by eugeni.torproject.org (Postfix) with ESMTP id 37D5236728
 for <tor-talk@lists.torproject.org>; Sat, 21 Nov 2015 22:37:01 +0000 (UTC)
Received: from gate.rlogin.net (aaisp.rlogin.net [178.238.155.43])
 by smtp.rlogin.net (Postfix) with ESMTPSA id 808884207B
 for <tor-talk@lists.torproject.org>; Sat, 21 Nov 2015 22:36:56 +0000 (GMT)
Date: Sat, 21 Nov 2015 22:36:49 +0000
From: mick <mbm@rlogin.net>
To: tor-talk@lists.torproject.org
Message-ID: <20151121223649.298b9699.mbm@rlogin.net>
In-Reply-To: <CAB7TAMn2R01A7po+bpZX34RDgWZ4CMv2PqZi7vvDaj4fMRz0ww@mail.gmail.com>
References: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
 <564F9FD7.3060803@riseup.net>
 <AA7E7174-841B-4710-BFFA-0CE406F9F22F@gmail.com>
 <564FA467.3060905@riseup.net>
 <CAB7TAMmfAUO1+_kFhMXvSKGZCaBp-ZuMQ8BzHYt_GqphojEofA@mail.gmail.com>
 <8AAB7E6C-291F-41B8-B8DC-C0D4CB2F37B9@gmail.com>
 <20151121214350.GF16523@inner.h.apk.li>
 <CAB7TAMn2R01A7po+bpZX34RDgWZ4CMv2PqZi7vvDaj4fMRz0ww@mail.gmail.com>
MIME-Version: 1.0
Subject: Re: [tor-talk] MITM attack on TLS
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0566552506685050697=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

--===============0566552506685050697==
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/6DgkCUfJMrBC7a22LvouwE3"; protocol="application/pgp-signature"

--Sig_/6DgkCUfJMrBC7a22LvouwE3
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Sat, 21 Nov 2015 16:56:12 -0500
Allen <allenpmd@gmail.com> allegedly wrote:

> >
> > > SSH is probably more dangerous than OBFS4 because it coulee be
> > > detected
> > with a DPI fingerprint.  They might question that.  I think Tor with
> > transports is good.
> >
> > On that paranioa level OBFS4 is as dangerous as SSH - it doesn't
> > matter if they see traffic they can fingerprint as ssh or they see
> > traffic they cannot fingerprint. They get suspicious in both cases.
> >
> >
> Personally, I would think SSH is much safer.  It is used by IT people
> all the time for server management, so they will understand it.  The
> destination address will be a cloud server, which you can simply say
> you are using for a personal project.  OBFS4 on the other hand is not
> normally used by IT people--it is used to get around IT people.  They
> will immediately be very suspicious if they are able to figure out the
> protocol.  And the destination IP address is who-knows-what, which
> could by itself raise questions and might even lead them to think a
> computer on their network could be infected with a virus that needs
> immediate investigation.  In the end, a protocol they know and
> understand and use in their own work will be much less threatening to
> them than something they don't.

To the OP (and others who may wish to try something similar) my strong
advice is "don't, just don't". I've been a network admin and sysadmin
on corporate systems. Unauthorised traffic on such a network /will/
attract attention, /will/ piss off the admins and almost /certainly
will/ result in disciplinary action including and up to summary
dismissal depending upon the terms of your contract.

Mick

---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------


--Sig_/6DgkCUfJMrBC7a22LvouwE3
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJWUPIIAAoJEAof5gtbrdMSuW8QALp4bzTnaGdwX9Kb6eYxiuaa
TcIMfTrjyf2vKQh/2Z3d8d1ptRBvzfgYwLb9SF2ek5jphkV6N2m5QY3OWMSOrhoO
98au7ikA4RFHXURSJeNj43KrO6IcQ0HcPLRslRfldmoMT0XAj5VUF3RDX3QR0wN1
51BWvHyDkzHAt7CTKesFOhq0iIPVayQPV4Cblhr6QkPiBe35QaajczKHDyNAK6VS
FX66FJbeqHmNjhKwpzxtf+LNiPUEGdOJcbSZxU9EY5E6E8Opt/EplurV4zvKrr7G
ndpnqjYDMeKG1RHHcEi8as5ET3YlWaQT5lZ8tniEURqf1iZgDeKMqGqLnVe5uQfG
zeJWLtAdnCQ7RqJd+eW61aCzergK6tiU/LXD18k47QNoU2HwE5DBdrtgZQZxz/TL
uOmHntGW/zr3lR5grOK0DGY5lW7OfwQHoo3HPcIsXTzUuvP0f14z+DG97PQtC/8a
ZhlvmKpvpyt0AyZn3GrbrwtAvx5vTwP6WVrBpYPqgsV1m48nPdiDhibkmV7x0fVJ
7BdeMfANL/iXYGzzOUZnd74hjb6fNuIlGbpim8rgbly3Vybqh43S4LkDa9UB2sG1
WKkAH29cXRhmPFNVgQSOjg/BvMKpnq2HUp58lvC3yzJCAr9858Cfy0RVcw9iA7qu
zQFXI+F6PiqeAuTyTdnX
=FW5X
-----END PGP SIGNATURE-----

--Sig_/6DgkCUfJMrBC7a22LvouwE3--

--===============0566552506685050697==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0566552506685050697==--

