On Fri, Apr 18, 2014 at 10:02:33PM +0200, Paul Staroch wrote:
On 2014-04-18 21:31, mr.curtis@urssmail.org wrote:
Is there any way currently to do this, or are there already some safeguards in place?
In its default configuration, Tor ensures that each relay in a circuit belongs to another /16 subnet (cf. Tor Path Specification [1], section "2.2. Path selection and constraints"). However, in the case of Amazon EC2, this constraint does not suffice as Amazon uses IP addresses from several different /16 subnets.
Note that this is important but was not a guarantee even before the use of cloud relays. In my 2009 paper with Matt Edman, "AS-Awareness in Tor Path Selection", we described the generation of 1500 paths using the Tor path selection algorithm: "Of those 15,000 paths, 163 (or ≈ 1.1%) contained an entry and exit node that resided in the same AS despite having an IP address from different /16 subnets. Out of those 163 paths, all but one also had a distinct /8 network address."
aloha, Paul
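
The gap discussed in this message, as an added example that is not part of the original thread and is not Tor's code: a path can pass the distinct-/16 check while two of its relays still sit in the same AS. The prefix-to-AS table, the AS numbers and the relay addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed prefix-to-AS table (documentation prefixes and documentation ASNs).
PREFIX_TO_AS = {
    "192.0.2.0/24": 64500,
    "203.0.113.0/24": 64500,   # same operator, different /16 and different /8
    "198.51.100.0/24": 64501,
}
_TABLE = [(ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_AS.items()]


def slash16(ip):
    """Return the /16 network that contains an IPv4 address."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)


def lookup_as(ip):
    """Longest-prefix match against the constructed table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, asn) for net, asn in _TABLE if addr in net]
    return max(matches)[1] if matches else None


def same_slash16(path):
    """Relay pairs sharing a /16: the condition the default constraint rejects."""
    return [(a, b) for i, a in enumerate(path) for b in path[i + 1:]
            if slash16(a) == slash16(b)]


def same_as(path):
    """Relay pairs whose addresses map to the same known AS."""
    pairs = []
    for i, a in enumerate(path):
        for b in path[i + 1:]:
            asn = lookup_as(a)
            if asn is not None and asn == lookup_as(b):
                pairs.append((a, b, asn))
    return pairs


if __name__ == "__main__":
    # Constructed three-hop path: entry, middle, exit.
    path = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
    print("shared /16:", same_slash16(path))   # empty: passes the /16 check
    print("shared AS: ", same_as(path))        # entry and exit in one AS
```
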