[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] torifying applications



On Sat, Jun 18, 2011 at 01:59:27PM -0400, nikhil dhar wrote:
> I am trying to see if it is possible to determine the identity of an attacker if he uses these applications behind tor. 

There are a few existing papers on this subject, particularly on
unmasking the application someone is using through Tor's circuit reuse.
But of course, we'd be eager to hear from your results :)

> First, by bad performance do you  mean throughput, cpu performance or latency(how quickly the replies are coming back). 

You will have a very high latency on connection establishment (even
higher if there is no existing circuit, i.e. in the beginning and at
least every ten minutes, which is the circuit rotation duration).
CPU performance hit is negligible, unless you do something that is
very unusual.
Throughput is usually rather good after the connection is established.

>Also a socks proxy would not give the advantages of tor (as in
> the connections switching every n secs)??.

What are the advantages you would like to see?

Existing Tor circuits will be reused for 10 minutes, unless the circuit
breaks. See
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#HowoftendoesTorchangeitspaths.

One thing that I hope you took into consideration: Tor only does TCP and
DNS (and the latter is an exaggeration - tor-resolve simply does a SOCKS RESOLVE). nmap by default pings first, for instance - this packet will be sent from
your real IP.

Cheers,

Manuel

Attachment: pgpirzWpYS8zU.pgp
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk