[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: peculiar server "bandwidth" posted by server "mnl" and possible new type of attack
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: peculiar server "bandwidth" posted by server "mnl" and possible new type of attack
- From: "Kasimir Gabert" <kasimir.g@xxxxxxxxx>
- Date: Wed, 10 Sep 2008 07:46:51 -0600
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 10 Sep 2008 09:46:58 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=K0KNKbhibeARtYrTCHjEQM/88LNsTOpN0E3zdLuIqLA=; b=XwCiYODe3yuqQVKhKb6McHYr9q3mSdlhOlO8mSOIpiBN/GHO2Ub+rtLbNGfqBKfV7W baTTlJqEQoTQ2R1Y2+x0IclG7pXed/VYrP+z5Es33xwsdP4L0BmtTqvrrnwJzkerZJ4x Xvdav/o+RJPea58mkMkJeUOU1FbP8Bj00z/8M=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=tIoAG9oVQKVqXJHA55lKJq570ZrSSiZME5kvWhl1MrZaXeJA3CAxdfd/Wks92mP7VY BXJb/0gTytLpGF775LYNdQ9Hqew8Kl8KtVOsr9RHkGNn/rC/dxCMV9ozIf+akN9HfXU0 91//ZFONW7DmR3YAk6wYp6mjCffmws/ODyXoE=
- In-reply-to: <200809101328.m8ADSefq021989@xxxxxxxxxxxxx>
- References: <200809101328.m8ADSefq021989@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Wed, Sep 10, 2008 at 7:28 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>>
>>The fact of not being an exit node would make it a better corruped
>>relay? I mean, if I would like to DOS the Tor network I would be better
>
> No, or at least I don't think so. What I was referring to is that most
> of the trouble we've had from bad operators has taken the form of corrupted
> exit servers, where what goes into or comes out of the exit is in the clear
> and can be altered before it is sent where it is going.
>
>>to set the trojan node as internal?
>>
> For this kind of attack, I suppose there might be some sort of advantage
> to being only a relay and not an exit because route selection often prefers
> non-exit relays for non-exit positions in a route, and a typical route has
> two non-exit positions but only one exit position. So the chances to bog
> down performance might be a bit higher if the attacker focused on non-exit
> usage.
> But Roger has already said that clients believe that no server really
> handles more than 5 MB/s, so they trim any figures greater than that back to
> 5 MB/s. If you had a dozen or two tor servers falsely reporting high usages,
> each at 5 MB/s or more, it might make a mess of things because they would
> distort the networkwide statistics, especially if those servers did not
> identify themselves as all being members of the same Family.
For reference, the reported bandwidth values from mnl hover around
2000 KB/s, but are very flaky (I'll assume this is caused by the
connection issues Domenico was talking about).
http://trunk.torstatus.kgprog.com/router_detail.php?FP=abd38668d3f476f50232fec0b6db6550ea43edd0
Kasimir
>
>
> Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet: bennett at cs.niu.edu *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army." *
> * -- Gov. John Hancock, New York Journal, 28 January 1790 *
> **********************************************************************
>
--
Kasimir Gabert