
Re: What to do at IP number change?



dr._no@xxxxxxx wrote:
Another point is that without a tor server my home would be vulnerable to traffic analysis and a further point is that a tor server is more safe than only a client.
I think this depends largely on what type of traffic analysis we're talking about. Traffic analysis, just looking at traffic, almost always divulges some level of information. For example, if a local passive adversary simply watched a Tor Relay that was suspected to also contain a Tor Client, then one could imagine a simple traffic analysis as follows:

1) Establish running totals of all incoming and outgoing traffic from the machine.

2) Then, closely monitor when it is the case that the outgoing traffic level "spikes" or when the incoming traffic level "spikes" as they could indicate that a Tor Client was using the relay as an entry point. How much it "spikes" could fingerprint a website ... or even be a maliciously modulated signal from an evil server that you might have connected to via your tunnel.

This exploits the behavior of a basic Tor Relay, in which everything that enters a relay must [immediately] leave that relay. This traffic alone would generate what appears to be equal/average incoming and outgoing msgs. Any spikes in the entering / leaving traffic are therefore probably not from the Tor Relay itself, but from something else. (Of course, this ignores dir service lookups, bridges, and probably a few other things.)

Sounds like an interesting research project.

Best Regards,
~Jon
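
The in/out imbalance check described in the message above, written as an added example (not part of the original post) that a relay operator could run over their own interface counters to see how much co-located client traffic stands out. The sample counters, the function names and the median/MAD threshold are assumptions made for illustration.

```python
from statistics import median

# Constructed sample: per-second (bytes_in, bytes_out) totals for a host
# running a relay. Relayed traffic enters and leaves, so the two totals track
# each other; a local client's download adds inbound bytes with no matching
# outbound bytes.
SAMPLE = [
    (50_000, 49_600), (52_000, 52_300), (48_000, 47_900), (51_000, 50_700),
    (95_000, 51_200), (120_000, 50_100), (88_000, 49_800),  # constructed client download
    (50_500, 50_900), (49_000, 48_800), (51_500, 51_400),
]


def imbalance(samples):
    """Signed per-interval difference: inbound minus outbound bytes."""
    return [b_in - b_out for b_in, b_out in samples]


def flag_spikes(samples, k=5.0):
    """Indices of intervals whose imbalance is more than k * MAD from the median.

    Median/MAD is an assumed choice of baseline; it is robust to the spikes
    themselves, unlike a mean/standard-deviation threshold.
    """
    diffs = imbalance(samples)
    med = median(diffs)
    mad = median(abs(d - med) for d in diffs) or 1.0  # avoid a zero threshold
    return [i for i, d in enumerate(diffs) if abs(d - med) > k * mad]


def exposed_bytes(samples, k=5.0):
    """Unmatched bytes in flagged intervals: roughly what the totals reveal
    about the volume of non-relay traffic on the host."""
    diffs = imbalance(samples)
    return sum(abs(diffs[i]) for i in flag_spikes(samples, k))


if __name__ == "__main__":
    print("flagged intervals:", flag_spikes(SAMPLE))
    print("unmatched bytes:", exposed_bytes(SAMPLE))
```

As the message notes, directory lookups and bridge traffic also break the in-equals-out assumption, so a real baseline would be noisier than this constructed one.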