Re: [tor-talk] Differences between real exit traffic and exit-generated traffic ?




Robert,

On Fri, 30 Dec 2011, Robert Ransom wrote:

> On 2011-12-30, John Case <case@xxxxxxx> wrote:
>
>> Let's say I have an exit node handling average traffic and number of
>> connections (whatever that is).  Let's also say that port 22 is included
>> in my exit policy.
>>
>> Now let's say that I, as the administrator, log onto the exit node and:
>>
>> ssh user@xxxxxxxx
>>
>> I understand that a global observer with traffic analysis blah blah blah.
>>
>> But what about someone just watching the exit node ?  Is there anything at
>> all about my ssh connection generated from within the exit node that would
>> distinguish it from "real" exiting Tor traffic ?
>
> Someone watching all traffic to and from the exit node would be able
> to distinguish that connection from Tor traffic because traffic on the
> SSH connection would not be relayed over any OR connection (in either

Hmmm... what I meant to say is, the Tor node exits port 22 *in addition to* the rest of its exit policy. So, for example:

20,21,22,80,443,6667

So someone watching all traffic in and out would see a whole lot of unknown incoming connections, all encrypted, from other tor nodes, and coming out of the node would see a whole bunch of traffic to all kinds of arbitrary destinations, over at least 6 different protocols.

How would they pick a single SSH outbound (low bandwidth, let's say an interactive shell login) and know that *that* one has no corresponding input ?

> direction).  Someone watching only that SSH connection (e.g. a sniffer
> at host.com) would be able to distinguish that SSH connection from an
> exiting Tor stream because your SSH client would respond to messages
> from the server immediately after they reach the exit node, whereas an
> SSH client connecting over Tor would not be able to respond until data
> from the server reached the other end of a Tor circuit.


Ok, so there is a response speed fast enough that it *couldn't* have just done a three-hop back and forth ... that's interesting.

BTW, is this a FAQ ? I can't be the first exit operator to be tempted by a low latency, "almost Tor" connection...
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
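
The timing difference Robert describes, as an added example that is not part of the original thread: an exit operator can use it to see why a connection started on the exit host stands out to an observer at the destination. The connection records, field names and the 50 ms threshold are constructed assumptions, not measurements or Tor parameters.

```python
"""Added illustration: application-layer reply delay vs. TCP handshake RTT."""
from statistics import median

# Constructed observations, as a sniffer beside the SSH server would record them.
# handshake_rtt: SYN-ACK sent -> ACK received (measures server <-> exit host only,
# because the exit host terminates TCP for both local and relayed connections).
# exchanges: (time server message sent, time the client's dependent reply arrived).
LOCAL = {"handshake_rtt": 0.040,
         "exchanges": [(0.100, 0.142), (0.300, 0.341), (0.900, 0.943)]}
RELAYED = {"handshake_rtt": 0.040,
           "exchanges": [(0.100, 0.520), (0.700, 1.090), (1.500, 1.960)]}

MIN_CIRCUIT_RTT = 0.050  # assumed lower bound (seconds) for a three-hop round trip


def excess_delay(conn):
    """Median reply delay beyond what the TCP-level RTT alone explains."""
    gaps = [reply - sent for sent, reply in conn["exchanges"]]
    return median(gaps) - conn["handshake_rtt"]


def classify(conn, min_circuit_rtt=MIN_CIRCUIT_RTT):
    """'local' if replies come back about as fast as TCP ACKs, else 'relayed'."""
    return "relayed" if excess_delay(conn) >= min_circuit_rtt else "local"


if __name__ == "__main__":
    for name, conn in (("LOCAL", LOCAL), ("RELAYED", RELAYED)):
        print(f"{name}: excess={excess_delay(conn):.3f}s -> {classify(conn)}")
```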