[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Traffic shaping attack



On 3/18/16, Oskar Wendel <o.wendel@xxxxx> wrote:
> Let's set up a service in a way that it will modulate the traffic, so the
> download would look like:

That's active manipulation in / at one endpoint node.

> Then, we monitor traffic flowing into various entry nodes (remember we're
> a global adversary, having direct access to infrastructure around the
> globe) and spot the traffic that matches our pattern.

That's global / regional passive listening, needing be concerned
minimally visibility with just any other G/R IP endpoints without
needing track entire path.

Which, if presumed and likely to be deployed, combine to be nicely
effective, whether finding such clients, or services on Tor, I2P, etc.

Attack could be made much more difficult quite possibly defeated
if all nodes engaged in bucketed reclocked and jittered fill traffic with
each other (possibly along some virtual path distance >=1 hop)
and enforced peering relationships based upon receipt of same
expected and contractually obligated traffic (would you talk to or
retransmit for a node that acted sent packets as you say... fuck no).
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk