[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Idea which may or may not of been discussed




On 10/13/2018 12:07 AM, Nathaniel Suchy wrote:
> Currently tor traffic uses an TLS handshake hostname like the following:
> 
> $ sudo tcpdump -An "tcp" | grep "www"
> listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
> .............". ...www.odezz26nvv7jeqz1xghzs.com.........
> .............#.!...www.bxbko3qi7vacgwyk4ggulh.com.........
> .6....m.....>...:.........|../*
> Z....W....X=..6...C../....................................0...0..0.......'....F./0..
> *.H........0%1#0!..U....www.b6zazzahl3h3faf4x2.com0...160402000000Z..170317000000Z0'1%0#..U....www.tm3ddrghe22wgqna5u8g.net0..0..
> 
> A network observer could run a DNS lookup on the hostnames and see if
> they are real or not. So my idea would be to register a set of random
> hostnames which are legitimate and point the IPs somewhere to avoid
> looking for an NX Domain response and dropping the stream. You could
> even give each relay a unique subdomain and rotate these every few
> weeks. This may be expensive to implement but could make blocking Tor
> traffic with this method harder. Thoughts?
> 

Why wouldn't it be just as easy for censors to identify the small set of
registered domains that Tor relays use and block TLS connections that
involve them?

I don't see how changing the domain a relay uses from aaaaaa.foo.com to
bbbbbb.foo.com helps. The censor would just notice 'foo.com' and block it.

In fact, I think this would make censorship easier.

Matt
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev