[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tracing TCP Connections online..

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Tracing TCP Connections online..
From: dawuud <dawuud@xxxxxxxxxx>
Date: Mon, 10 Apr 2017 17:50:54 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Apr 2017 13:57:14 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1491846665; bh=Q6eQQUBdiJxwXDWcQI46brFj9/Cr9RiVMEz7iEVaBHA=; h=Date:From:To:Subject:References:In-Reply-To:From; b=WUL80v1vUBNZl5s7rvlgDv5EbmglbNedx/3U8m+ly6a44AMh2yorqlGUxYfgqEF26 g+ABZe77RGomVlVY4hZC0Yym79ub8ivT6UM96VBdCn1U+MVMaDSPEEfuPzNIq5rSEF iRhxmXjF49eJNdSGL7i+/6AGizKr1ibaSKqlJW7E=
In-reply-to: <CAD2Ti2_2QyahPjtCY-Md4BcrQaYYtneymFFfcd1zOxHYp10qxA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti2_2QyahPjtCY-Md4BcrQaYYtneymFFfcd1zOxHYp10qxA@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

hella old news. oh look here's POC for end to end correlation
https://var.thejh.net/git/?p=detour.git;a=blob;f=README

but why bother chatting about this since it's explicitly not
in Tor's threat model to protect against a global passive adversary?
if you want to protect against that then look into the vast mixnet literature.

anyway for breaking tor you can read lots of good papers such as
(note that none of these papers present their definition of "hacking" or
define well known terms like TCP and UDP ;-)
:

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
https://www.freehaven.net/anonbib/cache/sniper14.pdf

Spying in the Dark: TCP and Tor Traffic Analysis
http://freehaven.net/anonbib/papers/pets2012/paper_57.pdf

A Practical Congestion Attack on Tor Using Long Paths
http://freehaven.net/anonbib/papers/congestion-longpaths.pdf

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization
https://www.freehaven.net/anonbib/cache/oakland2013-trawling.pdf


On Mon, Apr 10, 2017 at 01:21:05PM -0400, grarpamp wrote:
> re: "tcp_tracing_internet.pdf"
> 
> This appears to describe an active network modulation attack (node DoS).
> Either hammer tree on nodes of the expected path and trace the modulation,
> or on all but the expected path to find unmodulated.
> It generally requires GPA, deploying nodes, or being one end of the path...
> in order to observe the results.
> And it's old news.
> As noted before, since Tor (and all other current anonymous overlays)
> nodes do not perform their own independant buffering, reclocking and
> contracting for expected hop parameters... this vulnerability will remain.
> 
> Anyone wanting to research, code, deploy, and present on
> such countermeasures would certainly be welcomed.
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Tracing TCP Connections online..
  - From: grarpamp

Prev by Author: Re: [tor-dev] GSoC 2017 - unMessage: a privacy enhanced instant messenger
Next by Author: Re: [tor-dev] Contents of tor-dev digest...
Previous by thread: [tor-dev] Tracing TCP Connections online..
Next by thread: Re: [tor-dev] Tracing TCP Connections online..
Index(es):
- Author
- Thread