ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems")

xiando xiando at
Mon Feb 26 03:15:09 UTC 2007

> Concerning an ISP controlling both entry and exit nodes:  when Tor
> clients build paths, they avoid choosing two nodes on the same /16
> subnet (see path-spec.txt).  So, it does not seem that this is likely to
> happen.

This is false. These are actually both at the same ISP (Same datacenter, same 
provider): - Tor router Nadia. - Tor router Lillemy.

In this case there's no simple way to figure out that they are next to each 
other (sort if, four rows of racks away or something like that). They're in 
MyFamily, so Tor knows not to use both of those in the same path in this 
case, but it should be assumed that The Adversary isn't going to tell Alice 
or Bob about it's involvement with multiple routers.

Just to give another example, some of Norwegian Goverument ISP 
Telenor's /16's:

It don't know if this information really matters regarding the paper in 
question. I just wanted to point out that looking at /16, or /8 for that 
matter, does not in any way prevent one Tor circut from going entirely within 
one ISP's network.

Does it really matter? I don't know. Something like the directory authorities 
looking at the servers netname: could be one way of identifying routers 
within one ISP.

But.. that'll probably help if the ISP is the adversary. And this may be the 
case. So perhaps only one tor router pr. ISP would be a good idea.

It may also be the case that ISPs in a whole country is the adversary, for 
example, SORM hardware connected to Federal Agency of Government 
Communications and Information (FAGCI) is installed at ALL the ISPs (There 
are some fights about this laid out the press from time to time, some refuse, 
but generally speaking ISPs got SORM). FAGCI also owns RELCOM, a major ISP.

So FAGCI as the adversary: No exit/entry within Russia in the same circut. But 
does listing a whole country as one family help? Is it a good idea? Or is /16 

My personal assumption is that if FAGCI  wants to know the location of US 
forces in Irak and around Iran - so they can pass it on to Iran - and we 
assume they assuming the US use Tor for their security...

...then FAGCI should just sign up Tor-servers at as many different ISP's 
around the world as they can afford (And FAGCI is very well-funded).

Which kind of leaves the solution: Grow Bigger. Tell your friends to run 
Tor-servers. Tell your corporation to do so. Tell NSA and other branches of 
DoD to do so. And FAGCI. ;-)

It's possible to change path-spec.txt to look at ripe's netname:, or look at 
the country, or look at /8 instead of /16. But the real answer as I see it is 
just a way bigger Tor-network, 800 routers, pfft, setup 800 yourself and 
you're half the network. 8.000 routers, now it's getting very expensive to be 
half the network.

More information about the tor-talk mailing list