Curious about the way Tor makes cells [Was: Re: TTL settings for Tor]
- To: or-talk@xxxxxxxxxxxxx
- Subject: Curious about the way Tor makes cells [Was: Re: TTL settings for Tor]
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Sun, 13 Apr 2008 14:39:56 -0700
- Delivery-date: Sun, 13 Apr 2008 17:39:59 -0400
- In-reply-to: <ftqssm$1ia$1@xxxxxxxxxxxxx>
- References: <ftqssm$1ia$1@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Icedove 22.214.171.124pre (X11/20080208)

> For example, should DefaultTTL be increased, so that packets don't expire
> in transit? What TCPWindowSize is better suited for Tor?
> My browser connection constantly times out, even though I set timeout to
> 1200 (as opposed to usual 300).

I know that on many of my systems, I've increased the TTL to the maximum
(255). It's probably overkill... but why not? The Internet's a different
place than it used to be.

(If someone presents a convincing argument as to why this is harmful,
though, I may change it.)

I don't know if it really makes all that much of a difference for Tor,
though, because I don't fully understand the internals of how it deals
with individual packets. For example, I know that it wraps them in three
layers of encryption (for standard outproxy traffic), and pads packets
that are less than 1500 bytes with random data up to that size, before
they're encrypted into cells (to prevent traffic analysis by size).

What I don't know is, are we talking about encapsulation (like a VPN
would do), or a complete rewrite of packets as they're encrypted into cells?

I'm pretty sure it's closer to the latter, due to:

1.) Tor offering a SOCKS interface (which means applications are aware
of a proxy being there);

2.) I remember reading that Tor prevents many OS fingerprinting
techniques (based on packets, not probing a system, of course) from

Sorry to take over your thread, but I'm very curious now. Does anyone
have any helpful links where I can find out these juicy details? =;o)

AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
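
An added example, not part of the original post and not Tor's own code: a sketch of how bytes handed to Tor over SOCKS are carried in fixed-length relay cells, so the client's IP header fields such as TTL are not part of what travels through the circuit. Cell and header sizes are taken from tor-spec.txt as assumptions; the per-hop encryption and the running digest are omitted, and the function names are hypothetical.

```python
import struct

# Sizes from Tor's tor-spec.txt (link protocol of the 2008 era); they are
# assumptions brought in for this example, not figures from the post.
CELL_LEN = 512                        # every cell on the wire has this length
CELL_HDR = struct.Struct(">HB")       # CircID (2 bytes), Command (1 byte)
RELAY_HDR = struct.Struct(">BHH4sH")  # RelayCmd, Recognized, StreamID, Digest, Length
MAX_DATA = CELL_LEN - CELL_HDR.size - RELAY_HDR.size  # 498 bytes of stream data
CMD_RELAY = 3
RELAY_DATA = 2


def stream_to_cells(circ_id, stream_id, data):
    """Split application bytes read from the SOCKS socket into relay cells."""
    cells = []
    for off in range(0, len(data), MAX_DATA):
        chunk = data[off:off + MAX_DATA]
        # Digest left as zeros: the real field is a running SHA-1 prefix.
        relay = RELAY_HDR.pack(RELAY_DATA, 0, stream_id, b"\0" * 4, len(chunk))
        body = (relay + chunk).ljust(CELL_LEN - CELL_HDR.size, b"\0")
        cells.append(CELL_HDR.pack(circ_id, CMD_RELAY) + body)
    return cells


def cells_to_stream(cells):
    """Exit-side view: recover the byte stream, dropping the padding."""
    out = bytearray()
    for cell in cells:
        if len(cell) != CELL_LEN:
            raise ValueError("cell is not CELL_LEN bytes")
        circ_id, cmd = CELL_HDR.unpack_from(cell, 0)
        rcmd, _rec, _sid, _dig, length = RELAY_HDR.unpack_from(cell, CELL_HDR.size)
        if cmd != CMD_RELAY or rcmd != RELAY_DATA or length > MAX_DATA:
            raise ValueError("not a well-formed RELAY_DATA cell")
        start = CELL_HDR.size + RELAY_HDR.size
        out += cell[start:start + length]
    return bytes(out)


if __name__ == "__main__":
    request = b"GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"  # constructed sample
    for payload in (request, request * 40):
        cells = stream_to_cells(7, 1, payload)
        print(len(payload), "bytes ->", len(cells), "cells of",
              {len(c) for c in cells}, "bytes")
```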