[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Possible attack method?? Question..

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Possible attack method?? Question..
From: "Ringo Kamens" <2600denver@xxxxxxxxx>
Date: Fri, 11 Jan 2008 17:19:06 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 11 Jan 2008 17:19:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=wyySxoaR7ouneICoWOe/hRWkn10fVJFU18jXYx5cvrc=; b=KmSpBYn2gzmAlUmLx44GnRURFZUw0KOWu2bG+4zFBv7ehq27FgEpqgzwbGiPzlUkZP/uQY5gBOdJerm2XbGiwi4wQQFh9Vbp0idmU0EcIiTfi+TrU6Mf3hhe3YCX9QvfriRl95HjSi8UEBU+ZDEcztSc2EyiwrarLMQ832PjKj4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=bMvozcNIRpySFbjLJZk1dPledKJKTbfEsmEAALKLmJS0Gr2cU3gubDWI/dXfjH8dzxPw8C7gNkMznAKKhvG8AmQa37X9MgR8y/24uNbdPOsNjUwLhMusVDhqr0gdkWnv9pPZvpMwnV4PWGKUuBjPMGfSdQpJcxDi5A/JgaiS4JQ=
In-reply-to: <4787E774.6050708@xxxxxxx>
References: <593627.39301.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <3922422b0801111322h66ff6e05u4de23f7d757cad79@xxxxxxxxxxxxxx> <4787E774.6050708@xxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Well, kind of. Imagine if a person constantly download a ton of data (say a large iso for several hours). That person would be seen as "the person". So you have to differentiate yourself from other traffic to conclusively prove it was you. Now, a much more effective means is to go "these 10 people connected between 1 and 3 pm as we know our suspect did. In that case, we can do background checks on them and rule out certain individuals". If you're leaking internal CIA documents or fighting any adversary of that skill, I don't think tor is strong enough and you should never ever ever challenge a government agency of that type of strength regardless of the legality of your activity from your home connection.
Comrade Ringo Kamens

On Jan 11, 2008 5:02 PM, Jon McLachlan <mcla0181@xxxxxxx> wrote:

(please correct me if I'm incorrect but...)

if the adversary controls your entry-guard (which is nearly impossible
to detect and considered a 'strong' adversary)
if the adversary controls input to your tunnel (like text in an email,
which is easy)
and, if you do not use end to end encryption,

Then, the adversary can perform traffic analysis on the exit node, and
the adversary can easily discover your true ip.

~Jon

References:
- Possible attack method?? Question..
  - From: Anon Mus
- Re: Possible attack method?? Question..
  - From: Ringo Kamens
- Re: Possible attack method?? Question..
  - From: Jon McLachlan

Prev by Author: Re: Possible attack method?? Question..
Next by Author: Re: Input required on Secure Wiki project
Previous by thread: Re: Possible attack method?? Question..
Next by thread: Re: Possible attack method?? Question..
Index(es):
- Author
- Thread