[tor-project] Moar Project Ideas!!

Aaron Gibson aagbsn at extc.org
Thu Mar 3 13:47:28 UTC 2016

On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
> Damian Johnson:
>> Hi all, pulled the trigger on this...
>> https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa5296a221daa8a295280b37b2546e2bf
>> Folks are coming out of the woodwork to mentor so we still have ten
>> projects (yay!), but not much concerning core tor. if you'd care to
>> mentor one of these then more than happy to add it back to our page.
> Great work on getting the GSoC program together, and getting selected!
> I'd be happy to be the second mentor for any Python-based project,
> particular if it's related to hidden services or network monitoring.
> Regards,
> Donncha

A project I discussed last night with Donncha and Yawnbox is


IP hijacking detection for the Tor Network.


IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a 
bad actor creates false routing information to redirect Internet traffic 
to or through themselves. This activity is straightforward to detect, 
because the Internet routing tables are public information, but 
currently there are no public services that monitor the Tor network. The 
Tor Network is a dynamic set of relays, so monitoring must be Tor-aware 
in order to keep the set of monitored relays accurate. Additionally, 
consensus archives and historical Internet routing table snapshots are 
publicly available, and this analysis can be performed retroactively.

The implications of IP hijacking are that Tor traffic can be redirected 
through a network that an attacker controls, even if the attacker does 
not normally have this capability - i.e. they are not in the network 
path. For example, an adversary could hijack the prefix of a Tor Guard 
relay, in order to learn who its clients are, or hijack a Tor Exit relay 
to tamper with requests or name resolution.

This project comprises building a service that compares network prefixes 
of relays in the consensus with present and historic routing table 
snapshots from looking glass services such as Routeviews 
(http://routeviews.org), or aggregators such as Caida BGPStream 
(https://bgpstream.caida.org) and then issues email alerts to the 
contact-info in the relay descriptor and a mailing list. Network 
operators are responsive to route injections, and these alerts can be 
used to notify network operators to take immediate action, as well as 
collect information about the occurrence of these type of attacks.

Estimated time to build this service: 3 months


More information about the tor-project mailing list