On Thu, 24 Feb 2011 02:45:34 -0500 grarpamp <grarpamp@xxxxxxxxx> wrote: > > Of course, until you factor in the information we received later which > > is that a researcher has apparently been using a technique to discover > > "passively" eavesdropping nodes, and the node in question here came > > up. Sort of mooting the whole discussion until the research is > > published. > > The above has been mentioned twice now as some sort of > pending serious, paper worthy, research. > Some corrective Network Engineering 101 is obviously needed here > before some poor soul ends up mis-educated. > There is NO way to detect passive monitoring unless you have access > to the monitor. Real world passive monitoring involves mirrored > upstream switch ports or optical splitters. No contact, separate devices, > that's why it's called passive. Don't try to mention optical dB loss, spectral > anomalies, bump insertion events, TEMPEST, heat and power consumption... > because, as a user, you don't have access to those. Nor try to claim > anything about running BPF on the same machine as the node thus > overloading the box and perturbing flows or exploiting the listener > process.... because that's not proper passive snooping and thus you're doing > it wrong. > > Now you could properly rename that 'detection' word to 'entrapment' > where you watch for the use of your unique seed. But that's a different > thing, obviously. > > Now if you'll excuse me, I have another 100GiB of quietly recorded traffic > to sift through before Friday ;-) > _______________________________________________ > tor-talk mailing list > tor-talk@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk The detection method uses secret magic that depends on the sniffing node on doing subtle non-passive things not mentioned in this thread.
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk