Proposal: Avoiding infinite length circuits

Steven J. Murdoch tor+Steven.Murdoch at
Sat Dec 6 13:19:40 UTC 2008

On Fri, Dec 05, 2008 at 03:17:19PM -0500, Nick Mathewson wrote:
> Another observation: The usual engineering solution here would be to
> add a "hey, I'm a connection from a Tor server/hey, you are now
> connecting to a Tor server" indicator to the protocol.  But our
> anti-blocking designs make that basically impossible for us to do.  We
> could take a probing-style approach, and have exit servers connect to
> suspect ports, and see whether a Tor server answers, but that seems
> questionable.  In any case, it would hurt the probing-resistance stuff
> we've been kicking around.

If I understand the attack correctly, I'm not sure that the
anti-blocking design does preclude this approach. 

For example, an exit node could add a TCP option to outgoing streams,
to indicate that the connection came from Tor, and OPs could refuse
incoming connections with this flag. There is of course a practical
problem of setting this flag from a non-root process

Another option is an identd style approach -- allow a server to
connect back to the initiator of a TCP connection and ask whether that
came from a Tor exit stream.

The practical problem here is how to tell clients what port this
service runs on. We could put it in the descriptor, but once we assume
that a significant proportion of OPs have the descriptors for exit
nodes, they could already know whether a incoming connection comes
from a Tor node (though not from the Tor process).



More information about the tor-dev mailing list