[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The use of malicious botnets to disrupt The Onion Router

To: or-talk@xxxxxxxxxxxxx
Subject: Re: The use of malicious botnets to disrupt The Onion Router
From: Ben Wilhelm <zorba-tor@xxxxxxxxxxxxx>
Date: Fri, 01 Feb 2008 22:59:18 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 02 Feb 2008 01:59:51 -0500
In-reply-to: <1935fcb50802012257m3b7ff3a3haa62c7807e9085b5@xxxxxxxxxxxxxx>
References: <1935fcb50802012257m3b7ff3a3haa62c7807e9085b5@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Thunderbird/1.5.0.7 Mnenhy/0.7.4.0

A manually administered . . . centralized list? Because, call me crazy,but a centralized list of "authorized routers" has some very, veryobvious flaws in it, both technical and security-related.


-Ben

Ron Wireman wrote:

It seems to me that we owe a lot the roughly 1,500 people who donatetheir bandwidth to our project at any one time. They give us atremendous gift that allows us to participate in unpopular or evendangerous political speech and debate, to by-pass inappropriatelyrestrictive filters, and to limit the amount of information aboutourselves that we reveal to the organizations who run the Internet siteswe access. I don't wish to divulge some of the ways in which I've usedtor to protect myself, but I'm sure all of you reading this list canthink of many examples where it has assisted you in your own life andmost of you use it on a frequent basis. All of this comes at the costof time and money from many volunteers who receive no benefit whatsoeverfrom relaying your traffic for you.
It seems to me, however, that even this gracious act of charity may beno match for the types of attacks we may be faced with as we become morepopular and, as a result, more of a target. The number of users runningtor nodes pales in comparison to the number of computers that may be inany one of the many individual botnets, which are groups of hijackedcomputers controlled in unison by a single entity. The largest of thesebotnets ever discovered had over 1,000 times the number of nodes thattor does. What happens when one of these botnets are commanded to jointor all at once and begin harvesting private data that people naivelydid not encrypt or, worse, replacing all pictures requested withgoatse.jpg? These and other malicious acts could easily take place,perhaps even perpetrated by a malevolent government entity, and wouldcause significant disruption to our router.
We must take expedient measures to prevent this type of attack, becauseas of now, tor is quite vulnerable, perhaps even critically so. Thegroup of computers that make up the official Network Time Protocol pool,a network that is used to provide extremely accurate timesynchronization for millions of computers around the world, has amanually administrated list. Since it has about as many nodes on it astor has, it suggests that maintaining such a list would not bedifficult. It seems to me that this would be an excellent way toprevent a node flood attack. Without it, tor will be rot.
Awaiting your comments anxiously,

Ron Wireman

Follow-Ups:
- RE: The use of malicious botnets to disrupt The Onion Router
  - From: Chad Z. Hower aka Kudzu
- Re: The use of malicious botnets to disrupt The Onion Router
  - From: Eugen Leitl

References:
- The use of malicious botnets to disrupt The Onion Router
  - From: Ron Wireman

Prev by Author: Which remote port is local Tor (resp pivoxy) talking to?
Next by Author: Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Previous by thread: The use of malicious botnets to disrupt The Onion Router
Next by thread: RE: The use of malicious botnets to disrupt The Onion Router
Index(es):
- Author
- Thread