[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Traffic shaping attack
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mike Perry <mikeperry@xxxxxxxxxxxxxx>:
> I'm still with Roger on being careful about assuming its an attack (and
> not a bug, or other emergent behavior) before conducting more tests. At
> least, that is what proper engineering and science demands before we can
> respond, anyway.
Yes, I agree. But the attack is very probable here.
> For example, I wonder if users see such interrupts on all of their Tor
> traffic at that time, or just hidden service traffic? Or just hidden
> service traffic to specific services?
Only with hidden service traffic from this specific service.
> I am wondering the same thing about the hidden service side. Is it
> seeing interrupts of all traffic, or just some?
Unfortunately, only the site admin could confirm, but I don't see him
here (he has been notified of this thread).
Actually, as I don't know the site admin in person, it would be possible
that the site admin is already in jail and the site is being run by LEA,
inserting these interruptions deliberately. But for now let's assume it's
not true.
> If this is an attack, this information could help inform us as to if
> we're looking at an attack targeting all users, certain guard nodes, or
> just specific hidden services. With this information, we will also be
> able to better consider defenses, if it is an attack.
If it is an attack, I strongly suspect it's targetting users of the
specific hidden service.
> Even if it is not an attack, it would still be useful to know, because
> we may be looking at some other kind of bug or bad emergent property in
> Tor.
Yes, definitely.
> It could also be due to the fact that Tor is effectively
> single-threaded. If something on the user's guard node, intermediate
> node, or hidden service is taking large amounts of CPU time, this will
> prevent traffic from flowing while that operation is happening.
It would have to run within a realtime scheduler to completely block Tor
for several seconds... very few applications use this scheduler, at least
in Linux.
- --
Oskar Wendel, o.wendel@xxxxxxxxxxxxxxxxx
Pubkey: http://pgp.mit.edu/pks/lookup?op=get&search=0xB5E3846CD40F08E3
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJW9qscAAoJELXjhGzUDwjjfIEH/j1sPFmu0rqg/CoRMuR1kRmV
121yTGD2rS8U+RrsudX8gRUxDvGhn8/CTPV4pV5DEGZErNpxQzzhogy8iPpeG57u
jDwT+0m5wfT1lcjWofRQCi2CvqT3GqQnjk5x59ZGKl3en8HYjJkwJ2G7JDpn6zTQ
/eviPJv+QYn4qt11RgcNOMktYux6nad744LFSdiLp+h57ka1VSVwPQ/g8IvoZ9qu
HrhrNZfn5bu+uaeWrMkQjGgXHXy1Yx+myh7dGiS3oZHycjm2f/9zs/jAOozZ9EXb
YAwYSY5XZte464zrXpTfgdaIB33XrDAelPqFwmJuLcg6sk1Q2x7LavT3lCqgWRk=
=hyKK
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk