[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: tracking locally originated traffic from an exit node ... ?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: tracking locally originated traffic from an exit node ... ?
- From: Martin Fick <mogulguy@xxxxxxxxx>
- Date: Tue, 3 Aug 2010 17:09:39 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 03 Aug 2010 20:09:45 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1280880579; bh=5pOiZtg82/uAfuQR0N971bDObVXI7gSRYraalMvX/XQ=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=SPBiZvZa6VgqFDqTxgQdCtcIcIOpekTNrr78sWl1N+GU0dToYKFMA8Bb7yXJo3U7j8vq1kXp1eqbJXHA0fK12HCUwWcuvXAtClCTiCfNHn40c7pg+c7i3XeOKV+jjpteuFj/2SNEn4ssWpfC9ioWHRHU13nE66rkRXWJ7hhnPzc=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=x9TbwGSoPW1NiJXZqSj+DCGgFGvUEfLMAD9MO0Va3L5qQrR0OPWw6crXMXNwKfG3uI7AEF7LzNOngEh8Y4DH9fmmD/+8MTtY69MhpadKgAyftDAQ1Ck5O0Sb26K+LQ15o9COvx1T3/d0Zw91K2PYl+2SJM//qP8vINFB5pU65LA=;
- In-reply-to: <Pine.NEB.4.64.1008032326480.19931@xxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
--- On Tue, 8/3/10, John Case <case@xxxxxxxxxxxxxxxx> wrote:
> On Tue, 3 Aug 2010, Martin Fick wrote:
>
> >> So ... if I've got a 5 or 10 mbps exit node with a
> >> healthy
> >> list of connections, can I use lynx locally to
> >> browse anonymously ?
> >
> >
> > I suspect that latencies would strongly differentiate your
> > traffic from regular tor exit node traffic. Also, while
> > you may have a decent amount of tor bandwidth, how much of
> > that bandwidth can actually be used by an individual tor
> > user? Individual tor users going through at least 2
> > other nodes before yours may still be severely BW limited
> > before reaching your exit node. If your traffic is not
> > so BW limited, it will likely stand out again.
>
>
> Ok, I'd like to address both cases...
>
> There's really no way they could see latency unless they
> had compromised the system itself.
What about ACKs in a TCP stream? What
about application level responses? If I
know the site being visited, and I know
that loading a certain web page has
certain images in it, wouldn't it be
fairly easy to identify when the latency
is really low if some of those images on
the page are requested very soon after
the HTML is downloaded? You have used
tor, haven't you? :) You do realise how
bad the latencies can be?
> As for the speed, that may be the case, but I don't think
> it's _necessarily_ the case.
Well, of course, I didn't say it was nec.
the case, but I sure would be concerned
about it if you take your anonymity
seriously.
> That is, it might look
> interesting that particular connections were high bandwidth,
If I can monitor your incoming traffic and
determine which middle nodes are connected
to you, shouldn't I be able to get a fairly
good idea on the maximum BW of each since
it is advertised? If not a single middle
node can match your output BW, it's a sure
bet it is not tor BW! Now, let's suppose
that only one middle node can match your
output BW, it might be fairly easy to
determine that this node is not currently
transmitting to you at the BW of your
output, again, foiled. In fact, if I can
simply monitor every single input stream
to your node, I can tell if any single one
is large enough to match your output BW,
if not... This all seems pretty easy if I
only have to observe your node.
> but is there anything implied literally in the code that
> would preclude that ?
No idea,
-Martin
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/