[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Current state of HSDir attacks on hidden services

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Current state of HSDir attacks on hidden services
From: "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx>
Date: Wed, 12 Dec 2018 14:59:34 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 12 Dec 2018 15:00:07 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20180716

Hi All,

The recent thread on ColoCrossing nodes[1] has gotten me wondering
about the current state of HSDir attacks on hidden sites my web
searching has only turned up some articles that are a few years
old.

Is it really still the case that spending a little time crafting
the "right" finger prints i sall it takes for an adversary to
reliably host the HSDir for a given hidden service? Well and
4-5 days uptime...

Assuming the new ColoCrossing nodes are maliciously target ina
particular hidden service is it just their sloppiness of putting
them all up in the same place over a short period rather than in
a slower and more widely distributed manner the only thing that
prevented them from acheving their unmasking goals?

Seems like it would be trivial for even a moderately funded
attacker to put up 16-32 nodes across a similar number of hosting
providers, https://www.terraform.io framework for example seems
to support about 37 different "cloud providers" so finding that
number of unique providers isn't really hard.  If they also set
them up at semirandom intervals over the course of a month or so
who could ever tell?

-Jon

-- 

[1] https://lists.torproject.org/pipermail/tor-relays/2018-December/016712.html

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Current state of HSDir attacks on hidden services
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] Current state of HSDir attacks on hidden services
Next by Author: Re: [tor-relays] 35C3 Tor Relay Operators Meetup
Previous by thread: Re: [tor-relays] AS: ColoCrossing + QuadraNet = 42 relays
Next by thread: Re: [tor-relays] Current state of HSDir attacks on hidden services
Index(es):
- Author
- Thread