[tor-dev] Tor Bridges and Snowflakes detection attack

Christian Pietsch christian.pietsch at digitalcourage.de
Mon Jan 9 14:11:48 UTC 2023


On Mon, Jan 09, 2023 at 01:31:52PM +0000, EfraimVagner via tor-dev wrote:
> Anyone knows how he did it? Seems kind of weird he says he is against oppressive regiments but doesn't give any useful information about what the issue is.

The Snowflake proxies might have been detected using the method described in this publication. The link was posted to anti-censorship-team at lists.tpo on Saturday.

URL: https://www.mdpi.com/2076-3417/13/1/622/pdf

Title: F-ACCUMUL: A Protocol Fingerprint and Accumulative Payload Length Sample-Based Tor-Snowflake Traffic-Identifying Framework

Authors: Junqiang Chen, Guang Cheng, and Hantao Mei

Abstract: Tor is widely used to protect users’ privacy, which is the most popular anonymous tool. Tor introduces multiple pluggable transports (PT) to help users avoid censorship. A number of traffic analysis methods have been devoted to de-anonymize these PT. Snowflake is the latest PT based on the WebRTC protocol and DTLS encryption protocol for peer-to-peer communication, differing from other PT, which defeat these traffic analysis methods. In this paper, we propose a Snowflake traffic identification framework, which can identify whether the user is accessing Tor and which hidden service he is visiting. Rule matching and DTLS handshake fingerprint features are utilized to classify Snowflake traffic. The linear interpolation of the accumulative payload length of the first n messages in the DTLS data transmission phase as additional features are extracted to identify the hidden service. The experimental results show that our identification framework F-ACCUMUL can effectively identify Tor-Snowflake traffic and Tor-Snowflake hidden service traffic.

DOI: https://doi.org/10.3390/app13010622

Cheers,
Christian

On Thu, Jan 05, 2023 at 07:31:31AM -0500, tor at nullvoid.me wrote:
> https://github.com/scriptzteam/Tor-Bridges-Collector
> 
> Seems an attacker has found a way to enumerate ~300000 snowflakes and many
> bridges. I couldn't find any discussion about this in the archive.

-- 
Christian Pietsch | volunteering for Digitalcourage e.V.
Website: https://digitalcourage.de/
Mastodon – like Twitter but better: https://digitalcourage.social
BigBrotherAwards Germany: https://bigbrotherawards.de/