[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Network diversity [was: Should I warn against Tor?]

On Mo, Jul 08 2013, Jens Lechtenboerger wrote:
Being German I restricted EntryNodes to DE and ran traceroutes to the 3 German guards selected by my Tor client. Two of those traceroutes showed IP addresses of DE-CIX (so I donât want them), while the third one does not contain any IP address of [2]. I guess Iâll check that out systematically to find âmyâ EntryNodes.
[For those who are confused about the context of this: I started the original thread. A write-up for my motivation is available at [0].] I found my guard nodes. Here is a summary of what I did. I started out with a list of 826 Tor nodes located in DE, generated on 2013/07/15 at [1]. Out of these, 232 are named guards, and 78 are named exits. I analyzed traceroute data both at work and at home.
At work: Only a small number of 25 guards are safe in the sense their paths appear to flow neither through IXPs nor through foreign places. DE-CIX alone is traversed to reach 179 guards. However, 4 guards are located in my own Autonomous System (AS). It seems very attractive to use only those (instead of all 25 candidates). What do you think? 

Iâd like to point out that during this week I observed route
changes. Sometimes, less routes go through DE-CIX, so that up to 39 guards appear to be safe. Thus, repeated tests are a must. 

For Tor exits, traceroute data between me and the exit is less
useful. Traceroutes between the exits and my communication partners would allow to identify IXPs along that way. Iâm not in the position to obtain that data. Nevertheless, if I want to anonymize communication that should be local to my country, Iâm restricting the exits to those that do not show foreign hops. I found 58 of those. 

At home:
Many guards (126) appear to be safe, only one is located in my own AS.
Iâd like to share two sample unsafe routes to Tor guards raspitor2 and YanLunYiZou, where IP addresses of intermediate hops and target with their estimated location are shown: 

raspitor2 (89.144.24.210): 213.20.59.10;DE â 195.71.10.242;DE
â 195.71.212.242;DE â 195.69.145.103;NL (via IXP AMS-IX)
â 193.34.48.162;GB â 193.34.48.74;GB â 193.34.48.74;GB
â 185.14.92.22;DE â 193.24.211.57;DE
â raspitor2 (89.144.24.210);DE (via IXP AMS-IX)

YanLunYiZou (109.69.68.157): 213.20.59.10;DE â 195.71.10.242;DE
â 195.71.254.93;DE â 84.16.8.141;ES â 84.16.14.93;ES
â 212.73.205.225;GB â 4.69.168.190;US â 4.69.161.93;US
â 4.69.143.137;US â 4.69.140.14;US â 4.69.163.9;US
â 4.69.143.177;US â 4.69.133.181;US â 4.69.133.178;US
â 212.162.18.226;GB â 91.202.40.254;DE
â YanLunYiZou (109.69.68.157);DE

Those are examples of so-called boomerang routes, where source and
target appear to be located in the same country, yet traffic does
impressive sightseeing and receives lots of unwanted attention. Consequently, Iâd like to warn against the Tor options to restrict nodes based on country codes.
Finally, at home I found 63 Tor exits that appear to be non-foreign. The intersection between work and home contains the following 53 routers, which may be useful for German Tor users: 0x3d002, 5268A6ED09875EA2F5, AbelianGrape, Atorisinthesky, BZHack, 
Biverse, DaJoker, Datenmuehle, FoeBuD3, HarryTuttle, KOP1,
KiwibirdSuperstar, LookAnotherExit, MagmaSoft, Musashi, NeefEef2,
Piper, Resistance, TommysTorServer, Tor4Freedom, Torboinaz,
TuringComplete, arbitrary, armselig, brotherjacob, cce12eb07e2d92a7, chee, devilproxytor, eisler, felixker, filiprem, ftcalip, germangang, hamradioboard, hanfisTorRelay, hellinterface, honk, jabla, landfox, memyselfandi, neonustor, ppbytor1, randomserver, riqochet, rollmops, skyplace, smurfix, spdytor1, superblyhidden, supercow12k, th0rnsrelay, 
tor3aendych, zapit02
Links to my code and a README.txt clarifying necessary prerequisites are available at [0]. Best wishes Jens [0] https://blogs.fsfe.org/jens.lechtenboerger/2013/07/19/how-i-select-tor-guard-nodes-under-global-surveillance/ 
[1] http://torstatus.blutmagie.de/
[2] http://www-rp.lip6.fr/~augustin/ixp/
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk