[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Traffic shaping attack



Oskar Wendel:
> If I limit the transfer rate in a client to a small value (I tried 5
> kB/s), the download is stable and interruptions do not occur.

This is interesting. Could you check other speeds too (50 kB/s, 100 kB/s)?

> Full dump, from SYN to FIN, can be found below. SEND are packets from my
> socks client to the Tor, RECV are packets from Tor to my socks client. It
> was a small (interrupted by me) download, but with larger downloads it
> looks very similar.

Thank you for this work. Hopefully, other users will comment on it.

>> It could also be due to the fact that Tor is effectively
>> single-threaded. If something on the user's guard node, intermediate
>> node, or hidden service is taking large amounts of CPU time, this will
>> prevent traffic from flowing while that operation is happening.
>
> It would have to run within a realtime scheduler to completely block Tor
> for several seconds... very few applications use this scheduler, at least
> in Linux.

This should not be the case. http://obscuredtzevzthp.onion has comparable
download speeds, where I easily get 600 kB/s, but cannot see any
interrupts. I conclude it is either that particular HS software
configuration or attack on that particular HS.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk