On Tue, Jan 02, 2007 at 01:39:05AM +1100, Wikileaks wrote:
> Open an onion connection to the hidden service, asking for echos.
> Now flood each router. If the "ping" is overly delayed, the router
> is on the hidden path.

This is a special case of the attack described in 5.2 of [1]. If we
assume that the hidden service is on a Tor server then the nodes which
will show positive correlation will be the hidden service and the guard
node. If the guard nodes are stable then this gives the hidden service
some protection.

If the hidden service is not on a Tor server, and there is no other way
for the attacker to build a list of candidates to ping, then the attack
becomes a lot harder. Furthermore, there is no reason the hidden server
needs to respond to pings, or even have a public IP address. Tor only
requires that the hidden service be able to make outgoing TCP
connections.

Hosting the hidden service on a Tor node gives some plausible
deniability, but opens up attacks like the one you describe.

Thanks,
Steven.

[1] http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf

--
w: http://www.cl.cam.ac.uk/users/sjm217/