[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The use of malicious botnets to disrupt The Onion Router

A manually administered . . . centralized list? Because, call me crazy, but a centralized list of "authorized routers" has some very, very obvious flaws in it, both technical and security-related.


Ron Wireman wrote:
It seems to me that we owe a lot the roughly 1,500 people who donate their bandwidth to our project at any one time. They give us a tremendous gift that allows us to participate in unpopular or even dangerous political speech and debate, to by-pass inappropriately restrictive filters, and to limit the amount of information about ourselves that we reveal to the organizations who run the Internet sites we access. I don't wish to divulge some of the ways in which I've used tor to protect myself, but I'm sure all of you reading this list can think of many examples where it has assisted you in your own life and most of you use it on a frequent basis. All of this comes at the cost of time and money from many volunteers who receive no benefit whatsoever from relaying your traffic for you.

It seems to me, however, that even this gracious act of charity may be no match for the types of attacks we may be faced with as we become more popular and, as a result, more of a target. The number of users running tor nodes pales in comparison to the number of computers that may be in any one of the many individual botnets, which are groups of hijacked computers controlled in unison by a single entity. The largest of these botnets ever discovered had over 1,000 times the number of nodes that tor does. What happens when one of these botnets are commanded to join tor all at once and begin harvesting private data that people naively did not encrypt or, worse, replacing all pictures requested with goatse.jpg? These and other malicious acts could easily take place, perhaps even perpetrated by a malevolent government entity, and would cause significant disruption to our router.

We must take expedient measures to prevent this type of attack, because as of now, tor is quite vulnerable, perhaps even critically so. The group of computers that make up the official Network Time Protocol pool, a network that is used to provide extremely accurate time synchronization for millions of computers around the world, has a manually administrated list. Since it has about as many nodes on it as tor has, it suggests that maintaining such a list would not be difficult. It seems to me that this would be an excellent way to prevent a node flood attack. Without it, tor will be rot.

Awaiting your comments anxiously,

Ron Wireman