[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
From: Ondrej Mikle <ondrej.mikle@xxxxxxxxx>
Date: Sun, 22 Apr 2012 19:04:27 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 22 Apr 2012 13:04:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=m9CRIeZnFJDbALg8rKe5XkJPS0qYl1kSOHY4Fa7jX0I=; b=sPgZilgA97j96I75vfIe1BwuQL9hxr5ueHdYAzR8RV8FtFQi95dn6/swKTKDNYiQvQ A2MgfX4uAlYGbeqyBPvAcycpFJL59VFdU4GJWy/PCA5P8V6cRHlAwSY0J+gzbECq97kH NdxExRKNMVg/FtELTGkoTE/EQau6siKXKU/YLjSdsb7XDn+jtvX37GdQ6ZDVfNONlv/7 Hv0EjWN/1tcMpiMxl3+ITFXaibSDzpUvH4WsCZoDrh/Xa4pkfVSs4IYrwd8vT76jXaGW IvOdQTob2juwJbo/UVSkTgUr/j/5k79zlMdElLoGRHWwCFy48G6WpeLnIVbn9VP8Nb9c 3TrQ==
In-reply-to: <4F92FF51.6010600@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F92F6FA.7080006@xxxxxxxxx> <4F92FF51.6010600@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

On 04/21/2012 08:41 PM, Pascal wrote:
> MAC addresses are used by layer 2 protocols (see
> https://en.wikipedia.org/wiki/OSI_model ).  Once an IP packet traverses a layer
> 3 device (such as a router) the srcMac has been changed to that of the router's
> egress interface.  Unless your ISP provided your router, srcMac identifies only
> which router the packet came from, not the particular client.
> 
> Decent routers randomize source ports to prevent traffic correlation (makes it
> harder to confirm that two streams from the same router came from the same client).

Well, yes. That's exactly the point why they want to store (srcPort, srcIP) <->
srcMac mapping so that they can identify people with private IPs hidden behind NAT.

Ondrej
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
  - From: Ondrej Mikle
- Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
  - From: Pascal

Prev by Author: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Next by Author: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Previous by thread: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Next by thread: [tor-talk] Tor-Arm Menu Key?
Index(es):
- Author
- Thread