
Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)



On Wed, May 20, 2015 at 10:42:27AM +0800, Virgil Griffith wrote:
> Tom: If a hostile relay receives a connection from a ip-address A that
> is not listed in the Tor consensus, as far as I understand the hostile
> relay still has two possibilities about ip-address A:
> 
> (1) A is the client
> (2) A is a bridge
> 
> I do not understand how the "reverse enumeration" attack you mention
> (p136 of your 100-ft-summary) is able to distinguish between these two
> cases.

If the hostile relay has no Guard flag, it shouldn't receive direct
connections from clients.  If it does have the Guard flag, it could port
scan the previous hop to see if it has an open (OR) port.  (Active
probing-resistant bridges would leave some uncertainty, though.)

Some more details about this attack are in Section III.D of:
<http://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf>

Cheers,
Philipp
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
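The decision procedure Philipp sketches above, written out as an added example (this is not code from the thread, from the cited paper, or from Tor itself). It parses a constructed excerpt in the consensus "r"/"s" line format to learn which IPs are listed relays, then classifies each inbound connection the way a hostile relay would: a listed source is a relay; an unlisted source reaching a relay without the Guard flag is taken to be a bridge, since clients only open direct connections to guards; an unlisted source reaching a Guard is port-scanned for an open OR port, and a closed result still leaves "client or probing-resistant bridge" open, which is the uncertainty noted above. The consensus lines, relay IPs, flag sets, inbound sources and the open-port table are all constructed sample data, and the probe is injected as a callable so the example runs offline; the candidate ORPorts in the real TCP probe are an assumption.

```python
"""Reverse-enumeration heuristic from a hostile relay's point of view.

Added example, not Tor project code. All network data below is constructed.
"""
import socket
from typing import Callable, Dict, Set

# Constructed consensus excerpt. Each relay has an "r" line ending in
# "IP ORPort DirPort" and an "s" line with its flags. Identity/digest
# fields are placeholders; only the trailing fields are used here.
SAMPLE_CONSENSUS = """\
r alpha AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-05-20 09:00:00 198.51.100.10 9001 9030
s Fast Guard Running Stable Valid
r bravo CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2015-05-20 09:00:00 198.51.100.20 443 0
s Fast Running Valid
"""

# Constructed inbound TCP sources seen by the hostile relay, and a constructed
# table of which unlisted hosts answer on an OR port (stands in for a scan).
INBOUND_SOURCES = ["198.51.100.10", "203.0.113.5", "203.0.113.9"]
OPEN_OR_PORTS: Set[str] = {"203.0.113.5"}


def parse_consensus(text: str) -> Dict[str, Set[str]]:
    """Map relay IP -> flag set. Fields are taken from the end of the "r"
    line so both the ns flavour (with digest) and the microdesc flavour
    (without it) parse the same way."""
    relays: Dict[str, Set[str]] = {}
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 6:
            current = parts[-3]  # IP address precedes ORPort and DirPort
            relays[current] = set()
        elif parts[0] == "s" and current is not None:
            relays[current] = set(parts[1:])
    return relays


def classify_previous_hop(src_ip: str, my_flags: Set[str],
                          relays: Dict[str, Set[str]],
                          probe_or_port: Callable[[str], bool]) -> str:
    """Classify the previous hop of a connection arriving from src_ip."""
    if src_ip in relays:
        return "relay"  # listed in the consensus: ordinary circuit extension
    if "Guard" not in my_flags:
        # Clients connect directly only to their guards, so an unlisted
        # source reaching a non-Guard relay is, by this heuristic, a bridge.
        return "bridge"
    # We carry the Guard flag, so the source may be a client or a bridge.
    if probe_or_port(src_ip):
        return "bridge (open OR port)"
    # A closed port does not settle it: probing-resistant bridges stay silent.
    return "client or probing-resistant bridge"


def simulated_probe(ip: str) -> bool:
    """Offline stand-in for a port scan, driven by the constructed table."""
    return ip in OPEN_OR_PORTS


def tcp_probe(ip: str, ports=(443, 9001), timeout: float = 2.0) -> bool:
    """Real-world probe: try a TCP connect to assumed common ORPorts.
    Not used by the offline demo; a bridge may listen on any port."""
    for port in ports:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                return True
        except OSError:
            continue
    return False


def classify_all(my_flags: Set[str]) -> Dict[str, str]:
    """Run the heuristic over the constructed inbound sources."""
    relays = parse_consensus(SAMPLE_CONSENSUS)
    return {ip: classify_previous_hop(ip, my_flags, relays, simulated_probe)
            for ip in INBOUND_SOURCES}


if __name__ == "__main__":
    for flags in ({"Fast", "Running"}, {"Fast", "Guard", "Running"}):
        print(sorted(flags), classify_all(flags))
```

Running it shows the two cases in the thread side by side: a relay without the Guard flag labels every unlisted source a bridge without probing, while a Guard must scan and is left guessing whenever the scan finds nothing.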