On Thu, 24 Feb 2011 02:45:34 -0500
grarpamp <grarpamp@xxxxxxxxx> wrote:

> > Of course, until you factor in the information we received later which
> > is that a researcher has apparently been using a technique to discover
> > "passively" eavesdropping nodes, and the node in question here came
> > up. Sort of mooting the whole discussion until the research is
> > published.
> The above has been mentioned twice now as some sort of
> pending serious, paper worthy, research.
> Some corrective Network Engineering 101 is obviously needed here
> before some poor soul ends up mis-educated.
> There is NO way to detect passive monitoring unless you have access
> to the monitor. Real world passive monitoring involves mirrored
> upstream switch ports or optical splitters. No contact, separate devices,
> that's why it's called passive. Don't try to mention optical dB loss, spectral
> anomalies, bump insertion events, TEMPEST, heat and power consumption...
> because, as a user, you don't have access to those. Nor try to claim
> anything about running BPF on the same machine as the node thus
> overloading the box and perturbing flows or exploiting the listener
> process.... because that's not proper passive snooping and thus you're doing
> it wrong.
> Now you could properly rename that 'detection' word to 'entrapment'
> where you watch for the use of your unique seed. But that's a different
> thing, obviously.
> Now if you'll excuse me, I have another 100GiB of quietly recorded traffic
> to sift through before Friday ;-)

The detection method uses secret magic that depends on the sniffing node
doing subtle non-passive things not mentioned in this thread.

