I'll comment on that but I know Roger and others were there that might be able to explain it better.
The idea is that Tor _used to_ allow a user to define an infinite path when creating circuits so an attacker could generate circular circuits causing the queue on those circuits to go up, using up processing power, causing latency etc. This was done using what he defined as "DoS Client" and "DoS Server". So he would attempt to DoS partitions of the Tor network causing slowdowns for all Tor servers involved.
At the same time an attacker would run a malicious Tor exit node that would inject a <javascript ping> into the traffic which would connect back to a server which then records how often that ping is received which effectively measured the latency on that circuit. So if a client was not using one of the relays that was affected by the circular circuit, the latency would be normal. If the client _did_ use one of the nodes that were being DoS'd, the latency would suddenly spike thus proving that the entry node was a member of the DoS'd circuit.
The DoS attack would be done on different circuits until they finally found one that would slow down the latency of the attacked client which would show 1) the exit node (since it was owned by the attacker), 2) the relay node that was used (again because the attacker owned the exit), and 3) the entry node (because it was affected by the DoS) turning Tor into the single proxy as it proposed to do.
If anyone is interested in the presentation - it lacks the technical details but has a good overview - I don't think I can post it here so email me offline.
Nathan Evans recommended not using fixed path lengths (>3 nodes in a circuit), don't allow infinite path lengths which is fixed in the newest version of Tor, induce delays which is not going to happen, and then the rest we know - disable javascript, use SSL, and monitor exit nodes (see TorFlow).
The presentation was kind of crappy and it's a complicated attack so correct any of this if I'm wrong.
~ROC Tor Admin
onionroutor at gmail
On Fri, Aug 15, 2008 at 1:26 PM, Quelque Rodentis
<qrodentis@xxxxxxxxx> wrote:
Hi,
Back in May when the "de-Tor-iorate Anonymity" talk by Nathan Evans at
DEFCON 16 was announced it was discussed on this list. The (short)
discussion concluded with a decision to wait and see...
Now the talk has been given (a week ago) but so far nothing has been
said about its contents on this list. I guess I'm not the only one
wondering what new attacks were presented (if any), would anyone
attending DEFCON care to comment?
Regards,
Quelque Rodentis