[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Lots of tor relays send out sequential IP IDs; please fix that!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Lots of tor relays send out sequential IP IDs; please fix that!
From: Roger Dingledine <arma@xxxxxxx>
Date: Tue, 1 Apr 2014 02:32:40 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Apr 2014 02:32:50 -0400
In-reply-to: <20140331211205.GA5459@xxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20140331211205.GA5459@xxxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, Mar 31, 2014 at 11:12:05PM +0200, Jann Horn wrote:
> Well, the subject line pretty much says it all: Lots of Tor relays send out
> globally sequential IP IDs, which, as far as I know, allows a remote party to
> measure how fast the relay is sending out IP packets with high precision,
> possibly making statistical attacks possible that could e.g. pinpoint the entry
> guard a user or hidden service uses.

[Please don't cross-post on multiple lists -- you will splinter the
responses.]

For extra fun, check out this paper that turns this issue into a potential
anonymity attack:
http://freehaven.net/anonbib/#tcp-tor-pets12

Their suggestion for a fix iirc was that the Linux kernel should get
fixed.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] A few questions about my setting up my first Tor relay.
Next by Author: Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade
Next by thread: Re: [tor-relays] Lots of tor relays send out sequential IP IDs; please fix that!
Index(es):
- Author
- Thread