Port scanning for Anonplus possible in the future
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Anonplus |
Triaged
|
Undecided
|
Vomun Security Team | ||
Bug Description
In the future when we write a tunnel to use TCP sockets, it will be possible to do a port scan and detect potential Anonplus users by scanning on port 1337. It may also be possible to find users using Anonplus by scanning through known onion address to look for addresses which accept connections on whatever port is used by onion addresses.
This is possible because TCP sockets must send an ACK packet before receiving data so even if the protocol is encrypted, it may be possible to detect some illegal software running on that port just by a simple port scan or simple traffic monitoring.
Three steps are needed to fix this problem:
* A better way to add friends, i.e., a noderef with more detailed data
* Add the port number to that noderef
* Generate the port number which is used at random
| visibility: | private → public |
