On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa5296a221daa8a295280b37b2546e2bf
Folks are coming out of the woodwork to mentor so we still have ten
projects (yay!), but not much concerning core tor. If you'd care to
mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting
selected!
I'd be happy to be the second mentor for any Python-based project,
particularly if it's related to hidden services or network monitoring.
Regards,
Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a
bad actor creates false routing information to redirect Internet traffic
to or through themselves. This activity is straightforward to detect,
because the Internet routing tables are public information, but
currently there are no public services that monitor the Tor network. The
Tor Network is a dynamic set of relays, so monitoring must be Tor-aware
in order to keep the set of monitored relays accurate. Additionally,
consensus archives and historical Internet routing table snapshots are
publicly available, and this analysis can be performed retroactively.

The implications of IP hijacking are that Tor traffic can be redirected
through a network that an attacker controls, even if the attacker does
not normally have this capability - i.e. they are not in the network
path. For example, an adversary could hijack the prefix of a Tor Guard
relay, in order to learn who its clients are, or hijack a Tor Exit relay
to tamper with requests or name resolution.

This project comprises building a service that compares network prefixes
of relays in the consensus with present and historic routing table
snapshots from looking glass services such as Routeviews
(http://routeviews.org), or aggregators such as Caida BGPStream
(https://bgpstream.caida.org) and then issues email alerts to the
contact-info in the relay descriptor and a mailing list. Network
operators are responsive to route injections, and these alerts can be
used to notify network operators to take immediate action, as well as
collect information about the occurrence of these types of attacks.
Estimated time to build this service: 3 months
--Aaron
_______________________________________________
tor-project mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
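
Added example, not part of the original thread and not Tor Project code: a sketch of the comparison the proposal describes, checking each relay's baseline route against later announcements. The relay names, addresses, prefixes and AS numbers are constructed (documentation ranges); a real service would read relays from the consensus and routes from Routeviews or BGPStream.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398), not real relays or routes.
RELAYS = {"guardA": "192.0.2.10", "exitB": "198.51.100.77"}
BASELINE = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}  # prefix -> origin AS
UPDATES = [  # (announced prefix, AS path) from a later snapshot
    ("192.0.2.0/24", [64500, 64496]),       # same origin: benign
    ("192.0.2.0/24", [64500, 64511]),       # same prefix, new origin
    ("198.51.100.0/25", [64501, 64510]),    # more specific, new origin
    ("198.51.100.128/25", [64501, 64510]),  # does not cover exitB
    ("203.0.113.0/24", [64502, 64505]),     # covers no relay
]


def covering_route(addr, table):
    """Longest-prefix match of addr in {prefix: origin}; (network, origin) or None."""
    ip = ipaddress.ip_address(addr)
    nets = ((ipaddress.ip_network(p), o) for p, o in table.items())
    return max((m for m in nets if ip in m[0]),
               key=lambda m: m[0].prefixlen, default=None)


def detect(relays, baseline, updates):
    """Return (relay, kind, prefix, expected_origin, seen_origin) alerts."""
    alerts = []
    for name, addr in relays.items():
        base = covering_route(addr, baseline)
        if base is None:
            continue  # no baseline route to compare against
        base_net, base_origin = base
        for prefix, as_path in updates:
            net, origin = ipaddress.ip_network(prefix), as_path[-1]  # origin = last AS
            if ipaddress.ip_address(addr) not in net or origin == base_origin:
                continue
            if net == base_net:
                kind = "origin-change"
            elif net.prefixlen > base_net.prefixlen:
                kind = "more-specific"  # would win longest-prefix routing
            else:
                continue  # less specific: baseline route still preferred
            alerts.append((name, kind, prefix, base_origin, origin))
    return alerts


if __name__ == "__main__":
    for alert in detect(RELAYS, BASELINE, UPDATES):
        print(alert)
```

This sketch compares origin AS only, so announcements that keep the baseline origin are treated as benign; path-level anomalies would need further checks.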