Theory and tests in ideal lab conditions are one thing. Running these ideas against a real world network is another.<br>I was to see video of this if it's really true.<br><br><br><div class="gmail_quote">On Wed, May 21, 2008 at 12:18 PM, F. Fox <<a href="mailto:kitsune.or@gmail.com">kitsune.or@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
I know someone else mentioned this, but I misplaced the email:<br>
<br>
********<br>
<br>
- From : <a href="http://web.crypto.cs.sunysb.edu/spday/" target="_blank">http://web.crypto.cs.sunysb.edu/spday/</a><br>
<br>
"Simulating a Global Passive Adversary for Attacking Tor-like Anonymity<br>
Systems<br>
We present a novel, practical, and effective mechanism for identifying<br>
the IP address of Tor clients. We approximate an almost-global passive<br>
adversary (GPA) capable of eavesdropping anywhere in the network by<br>
using LinkWidth, a novel bandwidth-estimation technique. LinkWidth<br>
allows network edge-attached entities to estimate the available<br>
bandwidth in an arbitrary Internet link without a cooperating peer host,<br>
router, or ISP. By modulating the bandwidth of an anonymous connection<br>
(e.g., when the destination server or its router is under our control),<br>
we can observe these fluctuations as they propagate through the Tor<br>
network and the Internet to the end-user's IP address. Our technique<br>
exploits one of the design criteria for Tor (trading off GPA-resistance<br>
for improved latency/bandwidth over MIXes) by allowing well-provisioned<br>
(in terms of bandwidth) adversaries to effectively become GPAs. Although<br>
timing-based attacks have been demonstrated against<br>
non-timing-preserving anonymity networks, they have depended either on a<br>
global passive adversary or on the compromise of a substantial number of<br>
Tor nodes. Our technique does not require compromise of any Tor nodes or<br>
collaboration of the end-server (for some scenarios). We demonstrate the<br>
effectiveness of our approach in tracking the IP address of Tor users in<br>
a series of experiments. Even for an under-provisioned adversary with<br>
only two network vantage points, we can accurately identify the end user<br>
(IP address) in many cases. Furthermore, we show that a well-provisioned<br>
adversary, using a topological map of the network, can trace-back the<br>
path of an anonymous user in under 20 minutes. Finally, we can trace an<br>
anonymous Location Hidden Service in approximately 120 minutes."<br>
<br>
*********<br>
<br>
I wonder if this could be true, and what exactly this all means; if it<br>
means that pretty much anyone can jump into the role of a GPA, we're<br>
screwed.<br>
<br>
- --<br>
F. Fox<br>
AAS, CompTIA A+/Network+/Security+<br>
Owner of Tor node "kitsune"<br>
<a href="http://fenrisfox.livejournal.com" target="_blank">http://fenrisfox.livejournal.com</a><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.6 (GNU/Linux)<br>
Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a><br>
<br>
iQIVAwUBSDR1e+j8TXmm2ggwAQhYSBAAjd86xH3G1b4zauY9V5txc59n+VAZtD3I<br>
dih3M1LI/AthXGymIsTn7GfQIhsw9wIlBMxxs8Se0Azgdm2QIB2sQkJSwsQB8JrJ<br>
45PV2tYOhThfZayvPNq3RLZ70rlWum654IYbh5VYh1ODOENqmcg5/YLYeLORc/NE<br>
zEkvRo2PGxKY/7V0icVyN7Q/+vwpu61Wm3Yt/D3mrHvLddh2ft3MiTqifAMRpjaj<br>
ZbyKzcDwsMsltCKnJiz9ECNDja2FTj0x6pyQGHDO8DSnY9KXus95Brt9cjKW5yF0<br>
Ix7wGt5V87MYFpEoWEErbHHCKU9N4zFgu4dBj8dTJFqe09eXe/FZGrKHPS7pnnNE<br>
02FKNiafuyf7+jUQYrQFZMxi8TnjveHDcjc1w1OTx355bu3xZzVEmHR9PnG5oDWr<br>
HpfsA13649j+vGfm+Afjvd0Yw0Db3yeYo9uDG/mJDcvyl2qI30tFwI4YggbWHgVL<br>
6UTEk5SwPI6k1A+9IAUObrHtqqb/qQJOZy3tHx9slogI6qPJSYIUTQWgBjNZ1yJ9<br>
C2l7t5y5JqMXQHQzZwdNRboaeIEMunedevN/zweLK5Lt308FP7JAJJHLz/f7MDLK<br>
WN4oZEyL0LWuIlqbEPBNODgIXyicHNf2Hd+lMDOasCIc63mCaa7hlk+j73gQjH/B<br>
lQIwdbevNBU=<br>
=CKp7<br>
-----END PGP SIGNATURE-----<br>
</blockquote></div><br>