[tor-dev] A few questions about defenses against particular attacks

[Tom Ritter]

Hi Yuhao!

Some of the things Tor does (e.g. public list of nodes) is because
it's relatively easy to attack if you try and not do it that way.  For
example:

On 13 March 2014 15:08, Yuhao Dong <yd2dong at uwaterloo.ca> wrote:
>       - No public list of all node addresses; this makes determining
>       whether certain traffic is Oor traffic much harder. More at the next
>       bulletpoint
>    ...
>    - Blanket blacklist attacks by censors. Censors can poll the directory
>    and block all ordinary Tor nodes. (obfsproxy) bridges are a workaround.
>       - Oor's directory maintains a *graph* of all nodes. Each node knows
>       the public keys of all the other nodes, but each node only knows the
>       addresses of *adjacent* nodes.


An attacker could enumerate all exit nodes by simply building lots of
circuits and connecting to a website they control, noting the origin
IPs.

Similarly, I'm assuming you're allowing users to run nodes, in which
case I can stand up node after node (or keep generating new node
identities) and record the addresses of the nodes I am connected to.

I'm also assuming there is some central directory in the middle that
nodes connect to and provide their identity key and address?  And then
when you start up a node, it will give you your 'neighboring' nodes?

-tom