[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Exit snooping 'research'

Thus spake Olaf Selke (olaf.selke@xxxxxxxxxxxx):

> Am 24.02.2011 08:45, schrieb grarpamp:
> > There is NO way to detect passive monitoring unless you have access
> > to the monitor.
> for each exit node I can set up a unique decoy email account one a
> machine controlled my myself, access it over unencrypted pop or imap
> sessions thru Tor and wait for a second login from a rogue exit operator
> trying to steal my mails. That's no rocket science.

There's also the approach described in section 5 of this paper, which
actually kind of clever, but might also catch things like intermediate
caching proxies. If we could figure out a way to get lots of random
black IP space and keep it secret, it would be a fun one to run

There's quite a few other side channels available if you can get on
the same ethernet segment as a sniffer, or on the same VM host as a
suspicious tor node.

Most of these techniques are also fairly easy to evade, if you try.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgphG839Yrdbb.pgp
Description: PGP signature

tor-talk mailing list