Sybil Attack Countermeasures

Kevin Bauer ksbauer at
Fri Mar 9 23:28:34 UTC 2007

The following is a proposal for a Sybil attack defense.
-------------- next part --------------
Filename: sybil_checking.txt
Title: Sybil Attack Checking
Author: Kevin Bauer & Damon McCoy
Created: 9-March-2007
Status: Open

	This document describes a solution to a Sybil attack
    vulnerability in the directory servers. Currently, it 
    is possible for a single IP address to host an arbitrarily 
    high number of Tor routers. We propose that the directory
    servers limit the number of Tor routers that may be registered
    at a particular IP address to some small (fixed) number, perhaps
    just one Tor router per IP address.

	Since it is possible for an attacker to register an arbitrarily large
    number of Tor routers, it is possible for malicious parties to
    do this as part of a traffic analysis attack.

Security implications:
	This countermeasure will increase the number of IP addresses that an
    attacker must control in order to carry out traffic analysis.

	We propose that the directory servers check if an incoming Tor router
    IP address is already registered under another router. If this is 
    the case, then prevent this router from joining the network.

	Upon inspection of a directory server, we found that the following
    IP addresses have more than one Tor router:

	Scruples    443
	WiseUp      9001
	Unnamed     9001
	Unnamed     9001
	Unnamed     9001
	aurel       9001
	sokrates    9001
	moria1      9001
	peacetime   9100

	There may exist compatibility issues with this proposed fix. It is unclear
    why more than one router would need to be on the same IP address.
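
The directory-server check proposed above, as an added sketch that is not part of the original proposal or of Tor's directory code. The `RouterRegistry` class, the fingerprint strings and the addresses (RFC 5737 documentation range) are assumptions made for illustration; the sketch also covers two cases the proposal leaves open, a router re-publishing from the same address and a router moving to a new one.

```python
import ipaddress

class RouterRegistry:
    """Hypothetical directory-side registry enforcing a per-IP router limit."""

    def __init__(self, max_per_ip=1):
        self.max_per_ip = max_per_ip   # the proposal's "small (fixed) number"
        self.ip_of = {}                # router fingerprint -> canonical IP
        self.routers_at = {}           # canonical IP -> set of fingerprints

    @staticmethod
    def canonical(ip_text):
        ip = ipaddress.ip_address(ip_text.strip())
        # Fold ::ffff:a.b.c.d into a.b.c.d so one host cannot claim two
        # slots by spelling its address two ways.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return str(ip)

    def register(self, fingerprint, ip_text):
        """Return (accepted, reason) for an incoming router registration."""
        try:
            ip = self.canonical(ip_text)
        except ValueError:
            return False, "malformed address"
        old_ip = self.ip_of.get(fingerprint)
        if old_ip == ip:
            return True, "refresh"           # same router re-publishing
        holders = self.routers_at.setdefault(ip, set())
        if len(holders) >= self.max_per_ip:
            return False, "per-IP limit reached"
        if old_ip is not None:               # router moved: free its old slot
            self.routers_at[old_ip].discard(fingerprint)
        holders.add(fingerprint)
        self.ip_of[fingerprint] = ip
        return True, "added"

def demo():
    # Constructed registrations: (fingerprint, advertised address).
    uploads = [("AAAA", "192.0.2.10"), ("BBBB", "192.0.2.10"),
               ("BBBB", "::ffff:192.0.2.10"), ("AAAA", "192.0.2.20"),
               ("BBBB", "192.0.2.10")]
    reg = RouterRegistry(max_per_ip=1)
    return [reg.register(fp, ip) for fp, ip in uploads]

if __name__ == "__main__":
    for result in demo():
        print(result)
```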
