Re: How can I trust all my Tor nodes in path
Nick Mathewson writes:
> Hi, Seth!
>
> On Fri, Dec 01, 2006 at 01:15:39PM -0800, Seth David Schoen wrote:
> [...]
> > Hmmm, if someone owns (not just eavesdrops on) all three nodes, they can
> > connect the sessions in a more reliable way than just a timing attack.
> > One approach would be to record TCP port pairs, which temporarily identify
> > a connection on one end with a connection on the other end. For example,
> > my local machine knows that I'm currently using TCP port 43514 to make a
> > connection to the SSH service on the server; the server also knows that
> > the client connecting to it is using TCP port 43514. Thus, both ends know
> > that client:43514 <----> server:22 (at this particular moment) refers to
> > the same TCP session.
>
> Actually, Tor tunnels multiple circuits over each TLS connection, so
> remembering ports won't do the job. An attacker who can compromise an
> entire circuit's worth of servers will also need to remember the
> circuit IDs for each circuit. Still, it wouldn't be hard for an
> attacker to modify Tor to log this.
Whoops, thanks for the clarification! That makes more sense.
--
Seth Schoen
Staff Technologist schoen@xxxxxxx
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107