
Re: "Practical onion hacking: finding the real address of Tor clients"



On 11/1/06, Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
...
> For Tor users this shouldn't be a big deal. I also don't see anything
> exciting about Narus

the Narus advantage is hardware/programmable classifiers, a la Snort on FPGA, which allows deep inspection across numerous (linearly scalable) OC12/OC48 peering points. rules also scale linearly, with anywhere from 500 to thousands per classifier proc.


> Of course a patient person can already do the same thing with
> less comfortable tools like tcpdump anyway.

this is all about scale, and since we are discussing taps on the backbones, scale is paramount. but for small ISPs and corp IT staff you're right...


> > That barely begins to describe what the
> > Narus tools can do. If you care about privacy, this is really creepy.

> Maybe if you care about privacy and don't use tools like Tor
> to protect it.

the problem with Narus run by $TLA is that it functions as a global adversary, which is explicitly outside Tor's threat model. this may or may not mean they are watching. (and there are certainly some $TLAs who are using packet latency fingerprinting with active manipulation of packet timing upstream to link clients to particular exit traffic)

zero-knowledge mixes defend against this threat, but you lose the
(relatively) low latency of onion-like routing in Tor.  [exercise for
the researchers: would traffic padding with a DTLS Tor a la reliable
multicast at fixed bandwidth limits keep the low latency but provide
the anonymity of a stronger mix?]

best regards,
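An added simulation, not part of this message nor any Tor or Narus code, to illustrate the trade-off the exercise above asks about: a passive observer bins cell counts from the client and from a relay's output; a plain low-latency relay preserves the burst pattern (high correlation between the two tap views), while a constant-rate padded relay emits the same number of cells in every bin (nothing to correlate) at the price of queueing delay. All traffic timings, delays, rates and the bin width are constructed assumptions.

```python
import math
import random
WINDOW = 0.5  # seconds per counting bin used by the passive observer

def bursty_stream(n_bursts, seed):
    """Constructed client traffic: short bursts of cells between idle gaps."""
    rng, t, times = random.Random(seed), 0.0, []
    for _ in range(n_bursts):
        t += rng.uniform(0.5, 2.0)              # idle gap
        for _ in range(rng.randint(3, 15)):      # cells in the burst
            t += rng.uniform(0.001, 0.01)
            times.append(t)
    return times

def relay_plain(times, jitter, seed):
    """Low-latency relay: fixed forwarding delay plus jitter, no padding."""
    rng = random.Random(seed)
    return [t + 0.05 + rng.uniform(0.0, jitter) for t in times]

def relay_padded(times, rate, horizon):
    """Constant-rate relay: one cell per 1/rate s slot whether or not real data
    waits; real cells take the next free slot. Returns (slot times, delays)."""
    out = [k / rate for k in range(int(horizon * rate))]
    delays, next_free = [], 0
    for t in times:
        k = max(next_free, math.ceil(t * rate))   # earliest free slot
        delays.append(k / rate - t)
        next_free = k + 1
    return out, delays

def histogram(times, horizon):
    """Cells per WINDOW bin: what an observer counting at a tap sees."""
    counts = [0] * int(round(horizon / WINDOW))
    for t in (u for u in times if u < horizon):
        counts[int(t // WINDOW)] += 1
    return counts

def pearson(xs, ys):
    """Pearson r; 0.0 when either series is constant (nothing to correlate)."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx, syy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)
def compare(seed=1, rate=100):
    # Observer's correlation for plain vs padded relaying, plus padding's cost
    client = bursty_stream(40, seed)
    horizon = math.ceil((max(client) + 1.0) / WINDOW) * WINDOW
    padded, delays = relay_padded(client, rate, horizon)
    h_in = histogram(client, horizon)
    return {"plain_r": pearson(h_in, histogram(relay_plain(client, 0.02, seed + 1), horizon)),
            "padded_r": pearson(h_in, histogram(padded, horizon)), "max_pad_delay": max(delays)}
```

`compare()` returns a high `plain_r`, a `padded_r` of exactly 0.0, and the worst queueing delay the fixed-rate slots imposed on real cells, which is the latency cost the exercise asks whether a DTLS/fixed-bandwidth design could keep small.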