[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems")

That's true and perhaps tor should have a country hopping system. If
we only allowed one-per-country-per-circuit then tor would defend
against everything except ECHELON and governments posing as
corporations/individuals running tor circuits.
Ringo Kamens

On 2/25/07, xiando <xiando@xxxxxxxxxx> wrote:
> Concerning an ISP controlling both entry and exit nodes:  when Tor
> clients build paths, they avoid choosing two nodes on the same /16
> subnet (see path-spec.txt).  So, it does not seem that this is likely to
> happen.

This is false. These are actually both at the same ISP (Same datacenter,
provider): - Tor router Nadia. - Tor router Lillemy.

In this case there's no simple way to figure out that they are next to each
other (sort if, four rows of racks away or something like that). They're in
MyFamily, so Tor knows not to use both of those in the same path in this
case, but it should be assumed that The Adversary isn't going to tell Alice
or Bob about it's involvement with multiple routers.

Just to give another example, some of Norwegian Goverument ISP
Telenor's /16's:

It don't know if this information really matters regarding the paper in
question. I just wanted to point out that looking at /16, or /8 for that
matter, does not in any way prevent one Tor circut from going entirely
one ISP's network.

Does it really matter? I don't know. Something like the directory
looking at the servers netname: could be one way of identifying routers
within one ISP.

But.. that'll probably help if the ISP is the adversary. And this may be the
case. So perhaps only one tor router pr. ISP would be a good idea.

It may also be the case that ISPs in a whole country is the adversary, for
example, SORM hardware connected to Federal Agency of Government
Communications and Information (FAGCI) is installed at ALL the ISPs (There
are some fights about this laid out the press from time to time, some
but generally speaking ISPs got SORM). FAGCI also owns RELCOM, a major ISP.

So FAGCI as the adversary: No exit/entry within Russia in the same circut.
does listing a whole country as one family help? Is it a good idea? Or is

My personal assumption is that if FAGCI  wants to know the location of US
forces in Irak and around Iran - so they can pass it on to Iran - and we
assume they assuming the US use Tor for their security...

...then FAGCI should just sign up Tor-servers at as many different ISP's
around the world as they can afford (And FAGCI is very well-funded).

Which kind of leaves the solution: Grow Bigger. Tell your friends to run
Tor-servers. Tell your corporation to do so. Tell NSA and other branches of
DoD to do so. And FAGCI. ;-)

It's possible to change path-spec.txt to look at ripe's netname:, or look at
the country, or look at /8 instead of /16. But the real answer as I see it
just a way bigger Tor-network, 800 routers, pfft, setup 800 yourself and
you're half the network. 8.000 routers, now it's getting very expensive to
half the network.