On 12/02/07, Brent Clark <bclark@xxxxxxxxxxxxxxx> wrote:
> Hi all
>
> After reading the following article
> http://chronicle.com/temp/email2.php?id=zht45qPrsddjvvgfcjwWPjxhFwqxyfVX
> It led me to ask / wonder about something, and I wanted to ask.
>
> Firstly I would like to know, how would it have been possible for them to
> track that Tor was being used, and more importantly, how on earth did they
> know it was the gentleman in question?

Logging the use of TOR inside your own network is easy; TOR only protects your anonymity within the bounds of the Internet, not a LAN. And as for how to locate him... a simple packet sniffing utility could pick up TOR's signatures on the network.

> Other question is, how do we stop Tor from being used. Although I'm all for
> securing your traffic / activity etc., for a corporate network that
> unfortunately does not work, esp. with some of the activities that the end
> user gets up to.

L7-filtering on iptables should do it once you have an application signature for TOR.

> Just something I was thinking.
>
> Kind Regards
> Brent Clark

--
Ross Cameron
ross@xxxxxxxxxx
http://www.goal.co.za