[tor-bugs] #19769 [Core Tor/Tor]: Round down DNS TTL to the nearest DEFAULT_DNS_TTL (30 minutes)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 28 22:15:14 UTC 2016
#19769: Round down DNS TTL to the nearest DEFAULT_DNS_TTL (30 minutes)
-------------------------------------------------+-------------------------
Reporter: teor                                   | Owner:
Type: defect                                     | Status: new
Priority: Medium                                 | Milestone: Tor: 0.2.???
Component: Core Tor/Tor                          | Version:
Severity: Normal                                 | Resolution:
Keywords: 029-proposed, dns, TorCoreTeam201607   | Actual Points:
Parent ID:                                       | Points: 0.5
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by pulls):
We have ongoing research on DNS-based traffic correlation attacks
(https://nymity.ch/dns-traffic-correlation/) that relates to this. While
fixing #19025 will help in mitigating attacks to an extent, the most
important change to consider related to DNS is to also significantly
increase MIN_DNS_TTL. This is because useful domains for our attacks today
have low TTLs: about 50% of Alexa top 1M have a useful domain with TTL <=
60 seconds, and 75% a TTL <= 30 min. Do you think it would be practical to
have MIN_DNS_TTL set to, say, 30 min? Would too much break?
If I understand the proposal here in #19769, rounding TTLs between
[0s,30m) to MIN_DNS_TTL also for exits (?), then this will actually
benefit an attacker who can observe both entry traffic and DNS requests
for about 25% of Alexa top 1M (but for the remaining 25% it's an
improvement together with #19025 over the status quo).
Sorry if this is the wrong place for this, especially since we don't have
a paper to share yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19769#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
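The comment above weighs two TTL policies: the status quo (the exit honours whatever TTL the resolver returns) against clamping TTLs up to a 30-minute MIN_DNS_TTL and rounding to DEFAULT_DNS_TTL buckets. The example below is added here to make that trade-off concrete; it is not Tor's code and the constants are assumed to be 30 minutes purely because that is the value discussed in the ticket. It shows how many distinct TTL values an observer could still tell apart after clamping, and how many DNS lookups a client's repeated visits would generate in a fixed window under each policy, over a small constructed list of TTLs.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed constants for this example only (not Tor's real definitions):
 * both the floor and the rounding bucket are 30 minutes, as discussed. */
#define EXAMPLE_MIN_DNS_TTL     (30u * 60u)
#define EXAMPLE_DEFAULT_DNS_TTL (30u * 60u)

/* Status quo policy: the TTL is used exactly as the resolver returned it. */
uint32_t ttl_passthrough(uint32_t ttl)
{
    return ttl;
}

/* Proposed policy: raise short TTLs to the minimum, then round down to the
 * nearest multiple of DEFAULT_DNS_TTL so every TTL in [0, 30m] collapses
 * to one value and longer TTLs fall into coarse 30-minute buckets. */
uint32_t ttl_clamp_round_down(uint32_t ttl)
{
    if (ttl < EXAMPLE_MIN_DNS_TTL)
        ttl = EXAMPLE_MIN_DNS_TTL;
    return ttl - (ttl % EXAMPLE_DEFAULT_DNS_TTL);
}

/* Number of DNS lookups a client that keeps revisiting a name would trigger
 * in window_s seconds, assuming one lookup per cache expiry (rounded up).
 * Fewer lookups means fewer observable DNS events for a given site. */
uint32_t dns_lookups_in_window(uint32_t ttl, uint32_t window_s)
{
    if (ttl == 0)               /* TTL 0 means never cache: one lookup per visit */
        return window_s;        /* treat as one lookup per second, an upper bound */
    return (window_s + ttl - 1) / ttl;
}

/* Count how many distinct TTL values a policy leaves visible across a set of
 * names: fewer distinct values means TTL carries less identifying signal. */
size_t count_distinct_ttls(const uint32_t *ttls, size_t n,
                           uint32_t (*policy)(uint32_t))
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t v = policy(ttls[i]);
        int seen = 0;
        for (size_t j = 0; j < i; j++) {
            if (policy(ttls[j]) == v) { seen = 1; break; }
        }
        if (!seen)
            distinct++;
    }
    return distinct;
}

/* Constructed sample TTLs (seconds): the short ones mirror the commenter's
 * observation that many popular names use TTLs of 60 s or less. */
static const uint32_t sample_ttls[] = { 0, 30, 60, 300, 1799, 1800, 3600, 5400, 86400 };
#define SAMPLE_N (sizeof(sample_ttls) / sizeof(sample_ttls[0]))

int main(void)
{
    printf("distinct TTLs, status quo: %zu\n",
           count_distinct_ttls(sample_ttls, SAMPLE_N, ttl_passthrough));
    printf("distinct TTLs, clamped:    %zu\n",
           count_distinct_ttls(sample_ttls, SAMPLE_N, ttl_clamp_round_down));
    printf("lookups/hour for a 60 s TTL: raw %u, clamped %u\n",
           dns_lookups_in_window(60, 3600),
           dns_lookups_in_window(ttl_clamp_round_down(60), 3600));
    return 0;
}
```

Run stand-alone, the program shows the nine sample TTLs collapsing to four distinguishable values under the clamping policy, and a 60-second TTL dropping from 60 lookups per hour to 2. Neither number is an argument for or against the proposal on its own; the comment's point is that the benefit depends on which TTL ranges the affected names actually use, which is exactly what a survey like the one the commenter describes would have to measure.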