[tor-bugs] #2860 [Pluggable transport]: Research TCP connection patterns produced by web browsing

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Apr 5 10:49:00 UTC 2011


#2860: Research TCP connection patterns produced by web browsing
---------------------------------+------------------------------------------
 Reporter:  rransom              |          Owner:  asn
     Type:  task                 |         Status:  new
 Priority:  major                |      Milestone:     
Component:  Pluggable transport  |        Version:     
 Keywords:                       |         Parent:     
   Points:                       |   Actualpoints:     
---------------------------------+------------------------------------------
 We suspect that Tor connections (and other TCP-based encrypted tunnel
 connections) can easily be distinguished from connections produced by a
 web browser by an attacker who has only logs of TCP SYN, FIN, and RST
 packets and the times at which they were sent.  We should research this
 further.

 The first step is to collect example recordings of the SYN, FIN, and RST
 packets produced by:
  * a normal Tor client,
  * a Tor client configured to use one bridge,
  * a Tor client configured to use ten bridges,
  * Firefox loading a simple (one HTML page without CSS or JS) web page
 over HTTPS,
  * Chromium loading the same simple web page,
  * Firefox viewing a JS-intensive web page (over HTTPS if possible), and
  * Chromium viewing the same JS-intensive web page.

 A simple visualization tool for the recordings will also be needed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2860>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list