Proposal: Avoiding infinite length circuits

Steven J. Murdoch tor+Steven.Murdoch at cl.cam.ac.uk
Sat Dec 6 13:19:40 UTC 2008


On Fri, Dec 05, 2008 at 03:17:19PM -0500, Nick Mathewson wrote:
> Another observation: The usual engineering solution here would be to
> add a "hey, I'm a connection from a Tor server/hey, you are now
> connecting to a Tor server" indicator to the protocol.  But our
> anti-blocking designs make that basically impossible for us to do.  We
> could take a probing-style approach, and have exit servers connect to
> suspect ports, and see whether a Tor server answers, but that seems
> questionable.  In any case, it would hurt the probing-resistance stuff
> we've been kicking around.

If I understand the attack correctly, I'm not sure that the
anti-blocking design does preclude this approach.

For example, an exit node could add a TCP option to outgoing streams,
to indicate that the connection came from Tor, and OPs could refuse
incoming connections with this flag. There is of course a practical
problem of setting this flag from a non-root process.

Another option is an identd style approach -- allow a server to
connect back to the initiator of a TCP connection and ask whether that
came from a Tor exit stream.

The practical problem here is how to tell clients what port this
service runs on. We could put it in the descriptor, but once we assume
that a significant proportion of OPs have the descriptors for exit
nodes, they could already know whether an incoming connection comes
from a Tor node (though not from the Tor process).

Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/
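The identd-style connect-back proposed above, worked through as an added example that is not part of the original thread and not Tor's own code. The wire format, the class and function names, and the lookup port `IDENT_PORT` are assumptions made for illustration; the "network" is an in-memory stand-in for the TCP connect-back, so the script runs offline. It shows both sides of the exchange (the exit node answering, the accepting Tor server asking) and the distinction the post ends on: the exit side can say whether a connection came from its Tor process, not merely from its host.

```python
# Added example (not from the tor-dev thread): a toy identd-style lookup
# service for "did this TCP connection come from a Tor exit stream?".
# The wire format, names and IDENT_PORT are assumptions for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

IDENT_PORT = 9113  # hypothetical port on which the exit-side lookup listens


@dataclass(frozen=True)
class FourTuple:
    """Endpoints of one TCP connection as seen by the side that accepted it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ExitNode:
    """Exit-side bookkeeping: which outgoing TCP connections carry Tor exit streams."""

    def __init__(self) -> None:
        # (local_port, remote_ip, remote_port) -> circuit id that opened the stream
        self._streams: Dict[Tuple[int, str, int], int] = {}

    def open_stream(self, circ_id: int, local_port: int, remote_ip: str, remote_port: int) -> None:
        self._streams[(local_port, remote_ip, remote_port)] = circ_id

    def close_stream(self, local_port: int, remote_ip: str, remote_port: int) -> None:
        self._streams.pop((local_port, remote_ip, remote_port), None)

    def handle_query(self, line: str) -> str:
        """Answer one request line (assumed identd-like format):
        '<exit-port> <peer-ip> <peer-port>' -> '<echo> : TOR-EXIT-STREAM' or '<echo> : NOT-TOR-STREAM'.
        The request is echoed so the asker can bind the reply to what it sent."""
        parts = line.strip().split()
        try:
            local_port, remote_ip, remote_port = int(parts[0]), parts[1], int(parts[2])
        except (IndexError, ValueError):
            return "ERROR : MALFORMED"
        if not (0 < local_port < 65536 and 0 < remote_port < 65536):
            return "ERROR : MALFORMED"
        echo = f"{local_port} {remote_ip} {remote_port}"
        if (local_port, remote_ip, remote_port) in self._streams:
            return f"{echo} : TOR-EXIT-STREAM"
        # The host may be an exit, but this socket was not opened by its Tor process.
        return f"{echo} : NOT-TOR-STREAM"


# (peer ip, peer port, request line) -> reply line; raises OSError if unreachable
ConnectBack = Callable[[str, int, str], str]


def classify_incoming(conn: FourTuple, connect_back: ConnectBack) -> str:
    """Accepting Tor server asks the connection's source whether it is an exit stream.
    Returns 'refuse', 'accept' or 'unknown' (no service or unparseable reply)."""
    request = f"{conn.src_port} {conn.dst_ip} {conn.dst_port}"
    try:
        reply = connect_back(conn.src_ip, IDENT_PORT, request)
    except OSError:
        return "unknown"
    if not reply.startswith(request + " : "):
        return "unknown"  # reply does not match our question: ignore it
    verdict = reply[len(request) + 3:]
    if verdict == "TOR-EXIT-STREAM":
        return "refuse"
    if verdict == "NOT-TOR-STREAM":
        return "accept"
    return "unknown"


def make_network(exit_hosts: Dict[str, ExitNode]) -> ConnectBack:
    """Constructed stand-in for the connect-back TCP connection: routes a request
    to the lookup service of the named host, or fails like a refused connection."""
    def connect_back(ip: str, port: int, request: str) -> str:
        if port != IDENT_PORT or ip not in exit_hosts:
            raise ConnectionRefusedError(f"{ip}:{port} has no lookup service")
        return exit_hosts[ip].handle_query(request)
    return connect_back


def demo() -> Tuple[str, str, str]:
    """Constructed scenario: relay 203.0.113.9:9001 receives three connections."""
    exit_node = ExitNode()
    net = make_network({"198.51.100.7": exit_node})
    # Circuit 42 on exit 198.51.100.7 opened a stream to the relay: should be refused.
    exit_node.open_stream(42, 50123, "203.0.113.9", 9001)
    from_exit_stream = FourTuple("198.51.100.7", 50123, "203.0.113.9", 9001)
    # Same exit host, but a socket its Tor process did not open: accepted.
    from_exit_host = FourTuple("198.51.100.7", 40001, "203.0.113.9", 9001)
    # Ordinary client with no lookup service at all: the asker gets no answer.
    from_client = FourTuple("192.0.2.5", 33333, "203.0.113.9", 9001)
    return (classify_incoming(from_exit_stream, net),
            classify_incoming(from_exit_host, net),
            classify_incoming(from_client, net))


if __name__ == "__main__":
    print(demo())  # ('refuse', 'accept', 'unknown')
```

The `unknown` result is left to the caller on purpose: most peers are ordinary clients with no lookup service, so treating an unreachable service as "refuse" would cut off normal traffic, while treating it as "accept" means an exit that simply does not run the service is not caught. That policy choice, and how the asker learns the service port in the first place, are exactly the open points raised in the post.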
