[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
From: jpmvtd261@xxxxxxxxxxx
Date: Tue, 12 Sep 2017 23:00:57 +0200 (CEST)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 12 Sep 2017 17:01:12 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=laposte.net; s=mail0; t=1505250057; bh=1/lELDLy+t55QQIsf7xygSelnWGGtz6lPvLuJqCsarg=; h=Date:From:To:Subject; b=RqqOXuu77torFNhB6Vf7F7gUjwRZX58Fnv6rO7DmoGtMliDnndKpKxfI+1a5aZ0u+ OZszBViLwSH6iHmf6lwJYvA28/G/64WjdFLGVdjMuwkAZ//UrywL37A82sJBXTkDOW A43Vc3bwx9FPCKhXs7CPiBTdYVhMyyprHzPMnWGsSSEcpZbGMteOvFgztMIxo6fHdD /jWBl3/TTfvDqdQBViqx318PBajtG9cQz9AmTxpfJFuGuIjulVGFJCLolI/gw66r36 n+poTkcVvbCAGzN2lhIMkS8LbiSctUqcRTCnGYMl6NaOtzxch1EUURjMLni3MAAyV1 qUXlGG4/VEwYQ==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: XdD0ap7l0u71u5r0PxTa79swa7N7ZA==
Thread-topic: HOW-TO: Simple DNS resolver for tor exit operators

On 12/09/2017 20:25, Ralph Seichter wrote:
> I'm not certain what you consider a "DNS attack".
> 
> Many exit node operators run a caching DNS resolver on their exits,
> which is easily done. Lacking that, you can use the resolvers run by
> your ISP, who can monitor all outbound traffic anyway, as I mentioned.
> 

An attacker can try to find what websites a Tor user has visited, by
comparing :
 - the timing of Tor user home connection traffic and
 - the timing of DNS queries happening on DNS servers controlled by the attacker

On this webpage, the author talks about "correlation" attack :
https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Next by Author: Re: [tor-relays] A Common Thread: Guard Status
Previous by thread: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Next by thread: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Index(es):
- Author
- Thread