12 Sep
2017
12 Sep
'17
9 p.m.
On 12/09/2017 20:25, Ralph Seichter wrote:
I'm not certain what you consider a "DNS attack".
Many exit node operators run a caching DNS resolver on their exits, which is easily done. Lacking that, you can use the resolvers run by your ISP, who can monitor all outbound traffic anyway, as I mentioned.
An attacker can try to find what websites a Tor user has visited, by comparing : - the timing of Tor user home connection traffic and - the timing of DNS queries happening on DNS servers controlled by the attacker
On this webpage, the author talks about "correlation" attack : https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/