[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
MAC addresses are used by layer 2 protocols (see
https://en.wikipedia.org/wiki/OSI_model ). Once an IP packet traverses
a layer 3 device (such as a router) the srcMac has been changed to that
of the router's egress interface. Unless your ISP provided your router,
srcMac identifies only which router the packet came from, not the
Decent routers randomize source ports to prevent traffic correlation
(makes it harder to confirm that two streams from the same router came
from the same client).
If you need deniability, don't use an ISP provided router, make sure
your router randomizes source ports, and have an open guest wifi network
(though obviously make sure the guest network can only access the
Internet, not your LAN).
On 4/21/2012 1:05 PM, Ondrej Mikle wrote:
If the ISP's records store [srcIP, srcPort, srcMac, dstIP, dstPort, size,
startTime, endTime] for every TCP connection, then it's definitely doable; note
that srcMac is MAC of client visible from ISP's side of the router to internet
(so that clients behind NAT can be identified, though the srcPort gives that
tor-talk mailing list