On Thu, Jun 21, 2007 at 10:53:08PM +0100, Robert Hogan wrote:
>
> This would also prevent the user resolving a dns request if it
> coincided exactly with the very same request by tor. I don't know
> how likely this would be in practice - I certainly haven't been
> quick enough on the draw.

I think this is actually a dangerous idea. We separate the client DNS cache from the server DNS cache for a reason: if you're using a Tor instance as both a client and a server, it's a good idea to keep the client's behavior more or less uncorrelated with the server's.

Here's an attack: I have a server that doesn't see much usage at evil-nick.com. You have a non-exit Tor host. I suspect that you're connecting to my server. I control the DNS for evil-nick.com, so whenever your Tor server asks for the address of evil-nick.com I give you IP1. (If it never asks, I can resolve evil-nick.com.yourhost.exit a lot.) When any other server asks, I give them IP2. If I see anybody connect to IP1, I know that it's probably your client peeking inside the server DNS.

There are probably easier attacks here too.

-- 
Nick Mathewson
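A toy model of the correlation described in the message above, added here as an illustration; it is not code from Tor or from the original message. The class and function names and the 192.0.2.x addresses standing in for IP1 and IP2 are constructed. It shows that the tagged address reaches the destination only when the client side reads the cache the server side fills, which is why the two caches are kept separate.

```python
# Toy model (constructed, not Tor code): a resolver that answers differently
# per asker, and a host whose client and server sides either share one DNS
# cache or keep two separate ones.
IP1, IP2 = "192.0.2.1", "192.0.2.2"   # documentation-range placeholders


class TaggingResolver:
    """Authoritative DNS for one name; gives IP1 only to the watched relay."""

    def __init__(self, watched_asker):
        self.watched_asker = watched_asker

    def resolve(self, asker, name):
        return IP1 if asker == self.watched_asker else IP2


class TorHost:
    """Hypothetical host running both a client side and a server side."""

    def __init__(self, name, shared_cache):
        self.name = name
        self.server_cache = {}
        # Shared: the client side reads the very dict the server side fills.
        self.client_cache = self.server_cache if shared_cache else {}

    def server_resolve(self, dns, hostname):
        """Server side resolves a name on behalf of someone else's request."""
        if hostname not in self.server_cache:
            self.server_cache[hostname] = dns.resolve(self.name, hostname)
        return self.server_cache[hostname]

    def client_connect(self, dns, hostname, exit_relay):
        """Client side: use a locally cached answer if one is visible,
        otherwise the answer comes from whichever exit does the lookup."""
        if hostname in self.client_cache:
            return self.client_cache[hostname]
        return dns.resolve(exit_relay, hostname)


def observed_ip(shared_cache):
    """Address the destination operator sees the client connect to."""
    dns = TaggingResolver(watched_asker="yourhost")
    host = TorHost("yourhost", shared_cache)
    host.server_resolve(dns, "evil-nick.com")   # server side caches IP1
    return host.client_connect(dns, "evil-nick.com", exit_relay="otherexit")


if __name__ == "__main__":
    print("shared cache   ->", observed_ip(True))    # tagged address leaks
    print("separate cache ->", observed_ip(False))   # indistinguishable
```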