Re: [tor-talk] Differences between real exit traffic and exit-generated traffic ?
On 2011-12-30, John Case <case@xxxxxxx> wrote:
>
> Let's say I have an exit node handling average traffic and number of
> connections (whatever that is). Let's also say that port 22 is included
> in my exit policy.
>
> Now let's say that I, as the administrator, log onto the exit node and:
>
> ssh user@xxxxxxxx
>
> I understand that a global observer with traffic analysis blah blah blah.
>
> But what about someone just watching the exit node? Is there anything at
> all about my ssh connection generated from within the exit node that would
> distinguish it from "real" exiting Tor traffic?

Someone watching all traffic to and from the exit node would be able
to distinguish that connection from Tor traffic because traffic on the
SSH connection would not be relayed over any OR connection (in either
direction). Someone watching only that SSH connection (e.g. a sniffer
at host.com) would be able to distinguish that SSH connection from an
exiting Tor stream because your SSH client would respond to messages
from the server immediately after they reach the exit node, whereas an
SSH client connecting over Tor would not be able to respond until data
from the server reached the other end of a Tor circuit.

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
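
Added example, not part of the original message: a small Python model of the second observation in the reply above, as seen from the SSH server, for operators who want to see why their own connections stand out. The capture data, the function names, the use of the TCP handshake as the baseline round trip to the exit node, the 50 ms slack and the strict prompt/response turn-taking are all assumptions made for illustration.

```python
from statistics import median

# Constructed server-side captures, times in seconds (not real measurements).
# "out" = server -> exit node, "in" = exit node -> server.
HANDSHAKE = [(0.000, "in", "SYN"), (0.000, "out", "SYNACK"), (0.040, "in", "ACK")]
# SSH client running on the exit node itself: replies return after ~1 round trip.
LOCAL_SSH = HANDSHAKE + [(0.045, "out", "DATA"), (0.086, "in", "DATA"),
                         (0.090, "out", "DATA"), (0.131, "in", "DATA"),
                         (0.135, "out", "DATA"), (0.177, "in", "DATA")]
# SSH client behind a Tor circuit: each reply also waits for the circuit round trip.
TOR_STREAM = HANDSHAKE + [(0.045, "out", "DATA"), (0.460, "in", "DATA"),
                          (0.465, "out", "DATA"), (0.905, "in", "DATA"),
                          (0.910, "out", "DATA"), (1.300, "in", "DATA")]

def handshake_rtt(events):
    """Server <-> exit node round trip. The exit node's own TCP stack answers
    the SYN-ACK, so this value never includes the Tor circuit."""
    sent = next(t for t, d, k in events if (d, k) == ("out", "SYNACK"))
    acked = next(t for t, d, k in events if (d, k) == ("in", "ACK") and t >= sent)
    return acked - sent

def reply_gaps(events):
    """Delay from each server DATA segment to the next client DATA segment."""
    gaps, pending = [], None
    for t, direction, kind in events:
        if kind != "DATA":
            continue
        if direction == "out":
            pending = t                 # server spoke; wait for the reply
        elif pending is not None:
            gaps.append(t - pending)    # reply arrived
            pending = None
    return gaps

def extra_delay(events):
    """Reply latency beyond the network round trip to the exit node."""
    return median(reply_gaps(events)) - handshake_rtt(events)

def looks_relayed(events, slack=0.050):
    """True when replies lag the handshake RTT by more than `slack` seconds,
    i.e. the client appears to sit behind the exit node, not on it."""
    return extra_delay(events) > slack

if __name__ == "__main__":
    for name, capture in (("local ssh", LOCAL_SSH), ("tor stream", TOR_STREAM)):
        print(f"{name}: extra delay {extra_delay(capture):.3f}s, "
              f"relayed={looks_relayed(capture)}")
```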