
Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
On 12.09.17 23:00, jpmvtd261@xxxxxxxxxxx wrote:

> An attacker can try to find what websites a Tor user has visited, by
> comparing:
> - the timing of Tor user home connection traffic and
> - the timing of DNS queries happening on DNS servers controlled by the attacker

I'm aware of that. With a caching resolver running on the exit node, the
only "DNS servers controlled by the attacker" would have to be upstream,
the ones required to resolve what the Tor client requested in the first
place. Your idea of query noise does not mitigate the risk of upstream
DNS servers being taken over or monitored by an attacker. I run redundant
DNS servers which host all of my domains (which are DNSSEC signed), and
caching resolvers on all my Tor nodes. That's tough to mess with.

The problem is that people don't always run their own exit-node based
resolvers, but forward to Google's infamous 8.8.8.8 et al. People should
at the very least check if their respective ISP runs caching resolvers,
which most do to reduce traffic.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays