On Sat, Nov 25, 2017 at 5:15 PM, teor <teor2345@gmail.com> wrote:
> need a privacy-preserving aggregation scheme
> (Otherwise, anyone who can remotely trigger a rare protocol violation can find out which relays a client or onion service is using.)
The above don't necessarily lead to each other.
> scheme in Tor so we can do these counts
That's thinking of 'in tor' code, which is a good way and project to see some things only visible there, and a way to count and submit them over tor.
I'm more thinking using external tools to watch the network interface itself...
Attackers will read / fuzz the source code till they exploit via tor's open ports anyway. Though it could still be good to instrument those ports with both tor protocol analyzer, and a raw packet statistical analyzer / classifier to see what's incoming.
Instrumenting the IP itself to look for debilitating inbound packet bursts from the internet indicating node pruning segmentation attacks. Would be interesting discovery. Though attackers might find the method redundant given already ways to deanon hidden services and fewer to deanon users.
And all the usual IDS type of tools that could be deployed and collected to see who / what is probing away at the network itself and how.
Might want to look for modulation patterns in OR traffic proving existence of certain known attack methods.
Not talking about content of exit traffic in any of this. It's exposing attacks from clearnet, not users of tor.
Operators could opt in. Prebuilt tool packages could be created.
Someone with a handful of relays could always do the research project on their own, and like silent attackers, may already be.
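
The inbound-burst monitoring suggested in the message above, sketched as an added example (not code from this thread or from Tor): it flags sustained jumps in a relay's per-second inbound packet count against a rolling median/MAD baseline. It assumes the operator already collects packet counts only, with no payloads, from the network interface; the function name, thresholds and sample series are hypothetical and constructed for illustration.

```python
from statistics import median

def find_bursts(pps, window=30, k=8.0, min_len=3):
    """Return (start_sec, end_sec, peak_pps) for each run of at least
    `min_len` seconds whose inbound rate exceeds median + k * MAD of the
    last `window` quiet seconds."""
    bursts, baseline, run = [], [], []

    def close_run():
        # Keep only sustained runs; isolated spikes are treated as noise.
        if len(run) >= min_len:
            bursts.append((run[0][0], run[-1][0], max(r for _, r in run)))
        run.clear()

    for t, rate in enumerate(pps):
        hot = False
        if len(baseline) >= window:  # no verdicts until a baseline exists
            med = median(baseline)
            # MAD is robust to outliers; fall back to 1.0 on a flat baseline.
            mad = median(abs(x - med) for x in baseline) or 1.0
            hot = rate > med + k * mad
        if hot:
            run.append((t, rate))
        else:
            close_run()
            # Only quiet seconds feed the baseline, so a long burst
            # cannot raise the threshold and hide itself.
            baseline.append(rate)
            baseline = baseline[-window:]
    close_run()
    return bursts

def quiet(n):
    """Constructed 'normal' traffic: about 1000 packets/s with small jitter."""
    levels = [900, 950, 1000, 1050, 1100]
    return [levels[i % 5] for i in range(n)]

# Constructed sample: 60 s quiet, a 5 s burst, 30 s quiet,
# a single-second spike (ignored as too short), 10 s quiet.
SAMPLE = quiet(60) + [20000] * 5 + quiet(30) + [15000] + quiet(10)

if __name__ == "__main__":
    for start, end, peak in find_bursts(SAMPLE):
        print(f"burst from t={start}s to t={end}s, peak {peak} pkt/s")
```
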