1995-10-22 - Re: Encrypted TCP Tunneler

Header Data

From: Mark <mark@lochard.com.au>
To: sameer@c2.org (sameer)
Message Hash: abe4202d23bf4009de45a009da33485b270edbda3df59cbde764e9639ea1c385
Message ID: <199510220457.AA22856@junkers.lochard.com.au>
Reply To: <199510220349.UAA04621@infinity.c2.org>
UTC Datetime: 1995-10-22 06:33:14 UTC
Raw Date: Sat, 21 Oct 95 23:33:14 PDT

Raw message

From: Mark <mark@lochard.com.au>
Date: Sat, 21 Oct 95 23:33:14 PDT
To: sameer@c2.org (sameer)
Subject: Re: Encrypted TCP Tunneler
In-Reply-To: <199510220349.UAA04621@infinity.c2.org>
Message-ID: <199510220457.AA22856@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>alpha.c2.org will soon start provided anonymous web page
>services.  You can get normal webserver access (the alpha.c2.org web
>pages will be very limited) through an anonymous shell account.

>> A more cypherpunky type of application would be to enable anonymous
>> httpd's so that your clients could advertise their nice/naughty products
>> and be safe from location identification. If they had to pack up then
>> they could move to another ISP and reconnect to the anon.net as normal.
>> (Didnt I just read this in a spam HOWTO?)

>> The problem I see is when a LEA gets involved and snoops your wires and
>> traces you back to your starting point and then traces the client that is
>> supplying nasty httpd services. You wouldnt necessarily be aware of this
>> occuring either.

How do you propose to protect entities wanting to utilise this function from

a) people sniffing the tcp packets coming in to discover who is maintaining
   a web page,

b) the above LEA attack where your own lines are monitored and data is tracked
   back thru the various networks to the web page maintainer?

c) an open LEA confrontation where they issue a warrant demanding any and all
   info you have on the web page maintainer. (e.g. co$ doesnt like whats on
   one of the pages)

The same again for the anon shell accounts.

Apart from a once off mailed to you via remailer, the creator of a web page
needs to maintain their creations. This implies a means of accessing it that
is repeatable. Wether thats via a dialup account or over the net, it can be
traced. It's only when the entity uses channels outside of the jurisdiction
or capabilities of those monitoring that some anonymity can be achieved.
(Implies they weren't monitored entering the blinding channels in the first
place).

Cheers,
Mark
mark@lochard.com.au




Thread