[tor-relays] Filtering TOR Non-exit Relay - Just Curious

Zack Weinberg zackw at cmu.edu
Sun Oct 27 23:49:58 UTC 2013


Lukas Erlacher <l.erlacher at gmail.com> wrote:
>> Middle nodes don't know the type of traffic. If they have any way
>> to find out, that is a bug that needs to be fixed. End-of.

Packet timing analysis may be able to tell you *something* -- this is
part of my current research project, ask again in six months :-)

Mr. Nelson Laurenti wrote:
> I didn't say I knew the type of traffic on my relay, that would be an
> entirely new set of problems; I said I can see the IP addresses
> coming in and going out, and the ports used.

That's to be expected.  Tor is still using IP, so there is no way around 
the fact that a relay operator can observe the IP addresses of hosts in 
direct communication with their relay(s).

If your relay is acting strictly as a middle hop, however, the IP 
addresses you observe should all be the addresses of other Tor relays, 
and none of the traffic you observe should *originate* from the IP 
addresses you observe.

If you are an entry hop, some of the traffic you observe will be traffic 
coming directly from clients, and you can learn their IP addresses and 
probably quite a bit about them.  This is part of why we have guards. 
(I am skeptical about guards actually being a good idea, but that's 
*also* part of my group's research, so, again, ask again in six months.)

Only if you are an exit node should you be able to observe any traffic 
that is in cleartext and/or coming directly from server hosts.

It is possible for one Tor process to serve all three roles 
simultaneously, but never (by design) for a single circuit.  The design 
intent is that it will be prohibitively difficult for any single 
operator to control more than one node in a circuit more than some tiny 
fraction of the time; how feasible this actually is in real life has 
been the subject of quite a bit of research already (and, yep, my group 
is looking at that as well, albeit not as centrally).

zw


More information about the tor-relays mailing list