
Re: [tor-talk] The New Threat: Targeted Internet Traffic Misdirection



BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85@xxxxxxxxxxxxx writes:

> Since I thought it might be interesting to consider the potential
> implications of BGP-related attacks described above if applied to guard or
> exit relays, I wanted to share the following article:
> http://www.renesys.com/2013/11/mitm-internet-hijacking/
> 
> That post also refers to an earlier, related post:
> http://www.renesys.com/2010/11/chinas-18-minute-mystery/
> 
> Any thoughts/reactions from a Tor standpoint?

You can't use BGP redirection to impersonate a node because the
individual nodes have unique cryptographic keys that are listed in
the Tor directory consensus.  (We need all other Internet services
to move to having unique cryptographic keys, too, so that people
who can control and redirect networks can't impersonate them!)

You could use BGP redirection to become able to spy on traffic
headed to a guard node or coming out of an exit node that would
otherwise not have passed through networks that you control.
The most relevant consequence of that would probably be increasing
the probability that the attacker can successfully do a traffic
correlation or confirmation attack.

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
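
A simplified model of the point made in the reply above, added here as an example and not part of the original message or of Tor's code: a client that pins each relay's key digest from the directory rejects whoever answers at a redirected address. A Lamport one-time signature stands in for Tor's real identity keys so the block needs only the standard library; `Relay`, `client_connect`, the dict-based consensus and the address are hypothetical.

```python
import hashlib
import secrets

H = lambda data: hashlib.sha256(data).digest()

def keygen():  # Lamport one-time key pair (each key signs one message here)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def fingerprint(pk):
    # Digest of the public key: the value this model's directory lists per relay.
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

class Relay:
    def __init__(self, claimed_pk=None):
        self.sk, self.pk = keygen()
        self.claimed_pk = claimed_pk or self.pk  # key it presents to clients
    def handshake(self, nonce):
        return self.claimed_pk, sign(self.sk, nonce)

def client_connect(consensus, routing, addr):
    nonce = secrets.token_bytes(32)  # fresh challenge, so old proofs cannot be reused
    pk, sig = routing[addr].handshake(nonce)  # routing[addr]: whoever addr reaches now
    return fingerprint(pk) == consensus[addr] and verify(pk, nonce, sig)

def demo():
    addr = "192.0.2.10:9001"  # constructed address (TEST-NET-1)
    honest = Relay()
    consensus = {addr: fingerprint(honest.pk)}  # signed directory, modelled as a dict
    normal = client_connect(consensus, {addr: honest}, addr)
    # Route redirected: the same address now reaches a host with its own key.
    own_key = client_connect(consensus, {addr: Relay()}, addr)
    # Same redirection, but the host presents the listed key without its private half.
    copied_key = client_connect(consensus, {addr: Relay(honest.pk)}, addr)
    return normal, own_key, copied_key

if __name__ == "__main__":
    print(demo())
```

Only the first connection is accepted; in both redirected cases the client refuses the relay, which leaves the on-path observation described in the second paragraph of the reply as the remaining exposure.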