[tor-dev] Tracing TCP Connections online..

grarpamp grarpamp at gmail.com
Mon Apr 10 17:21:05 UTC 2017

re: "tcp_tracing_internet.pdf"

This appears to describe an active network modulation attack (node DoS).
Either hammer tree on nodes of the expected path and trace the modulation,
or on all but the expected path to find unmodulated.
It generally requires GPA, deploying nodes, or being one end of the path...
in order to observe the results.
And it's old news.
As noted before, since Tor (and all other current anonymous overlays)
nodes do not perform their own independant buffering, reclocking and
contracting for expected hop parameters... this vulnerability will remain.

Anyone wanting to research, code, deploy, and present on
such countermeasures would certainly be welcomed.

More information about the tor-dev mailing list