"Practical onion hacking: finding the real address of Tor clients"

coderman coderman at gmail.com
Wed Nov 1 16:12:08 UTC 2006


On 11/1/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
> ...
> For Tor users this shouldn't be a big deal. I also don't see anything
> exciting about Narus

the narus advantage is hardware/programmable classifiers, a la snort on
fpga, which allows deep inspection across numerous (linearly scalable)
OC12/OC48 peering points.  rules also scale linearly, with anywhere
from 500 to thousands per classifier proc.


> Of course a patient person can already do the same thing with
> less comfortable tools like tcpdump anyway.

this is all about scale, and since we are discussing taps on the
backbones, scale is paramount.  but for small ISPs and corp IT staff
you're right...


> > That barely begins to describe what the
> > Narus tools can do. If you care about privacy, this is really creepy.
>
> Maybe if you care about privacy and don't use tools like Tor
> to protect it.

the problem with narus run by $TLA is that it functions as a global
adversary, which is explicitly outside Tor's threat model.  this may
or may not mean they are watching.  (and there are certainly some
$TLAs who are using packet latency fingerprinting with active
manipulation of packet timing upstream to link clients to particular
exit traffic)

zero knowledge mixes defend against this threat, but you lose the
(relatively) low latency of onion-like routing in Tor.  [exercise for
the researchers: would traffic padding with a DTLS Tor a la reliable
multicast at fixed bandwidth limits keep the low latency but provide
the anonymity of a stronger mix?]

best regards,
