Port scanning for Anonplus possible in the future

Bug #912561 reported by aj00200 on 2012-01-05
266
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Anonplus
Undecided
Vomun Security Team

Bug Description

In the future when we write a tunnel to use TCP sockets, it will be possible to do a port scan and detect potential Anonplus users by scanning on port 1337. It may also be possible to find users using Anonplus by scanning through known onion address to look for addresses which accept connections on whatever port is used by onion addresses.

This is possible because TCP sockets must send an ACK packet before receiving data so even if the protocol is encrypted, it may be possible to detect some illegal software running on that port just by a simple port scan or simple traffic monitoring.

Three steps are needed to fix this problem:
* A better way to add friends, i.e., a noderef with more detailed data
* Add the port number to that noderef
* Generate the port number which is used at random

aj00200 (aj00200) on 2012-03-31
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Related questions