On Sat, Jun 18, 2011 at 01:59:27PM -0400, nikhil dhar wrote: > I am trying to see if it is possible to determine the identity of an attacker if he uses these applications behind tor. There are a few existing papers on this subject, particularly on unmasking the application someone is using through Tor's circuit reuse. But of course, we'd be eager to hear from your results :) > First, by bad performance do you mean throughput, cpu performance or latency(how quickly the replies are coming back). You will have a very high latency on connection establishment (even higher if there is no existing circuit, i.e. in the beginning and at least every ten minutes, which is the circuit rotation duration). CPU performance hit is negligible, unless you do something that is very unusual. Throughput is usually rather good after the connection is established. >Also a socks proxy would not give the advantages of tor (as in > the connections switching every n secs)??. What are the advantages you would like to see? Existing Tor circuits will be reused for 10 minutes, unless the circuit breaks. See https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#HowoftendoesTorchangeitspaths. One thing that I hope you took into consideration: Tor only does TCP and DNS (and the latter is an exaggeration - tor-resolve simply does a SOCKS RESOLVE). nmap by default pings first, for instance - this packet will be sent from your real IP. Cheers, Manuel
Attachment:
pgpirzWpYS8zU.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk