ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems")

Ringo Kamens 2600denver at
Mon Feb 26 03:23:03 UTC 2007

That's true and perhaps tor should have a country hopping system. If
we only allowed one-per-country-per-circuit then tor would defend
against everything except ECHELON and governments posing as
corporations/individuals running tor circuits.
Ringo Kamens

On 2/25/07, xiando <xiando at> wrote:
> > Concerning an ISP controlling both entry and exit nodes:  when Tor
> > clients build paths, they avoid choosing two nodes on the same /16
> > subnet (see path-spec.txt).  So, it does not seem that this is likely to
> > happen.
> This is false. These are actually both at the same ISP (Same datacenter,
> same
> provider):
> - Tor router Nadia.
> - Tor router Lillemy.
> In this case there's no simple way to figure out that they are next to each
> other (sort if, four rows of racks away or something like that). They're in
> MyFamily, so Tor knows not to use both of those in the same path in this
> case, but it should be assumed that The Adversary isn't going to tell Alice
> or Bob about it's involvement with multiple routers.
> Just to give another example, some of Norwegian Goverument ISP
> Telenor's /16's:
> It don't know if this information really matters regarding the paper in
> question. I just wanted to point out that looking at /16, or /8 for that
> matter, does not in any way prevent one Tor circut from going entirely
> within
> one ISP's network.
> Does it really matter? I don't know. Something like the directory
> authorities
> looking at the servers netname: could be one way of identifying routers
> within one ISP.
> But.. that'll probably help if the ISP is the adversary. And this may be the
> case. So perhaps only one tor router pr. ISP would be a good idea.
> It may also be the case that ISPs in a whole country is the adversary, for
> example, SORM hardware connected to Federal Agency of Government
> Communications and Information (FAGCI) is installed at ALL the ISPs (There
> are some fights about this laid out the press from time to time, some
> refuse,
> but generally speaking ISPs got SORM). FAGCI also owns RELCOM, a major ISP.
> So FAGCI as the adversary: No exit/entry within Russia in the same circut.
> But
> does listing a whole country as one family help? Is it a good idea? Or is
> /16
> enough?
> My personal assumption is that if FAGCI  wants to know the location of US
> forces in Irak and around Iran - so they can pass it on to Iran - and we
> assume they assuming the US use Tor for their security...
> ...then FAGCI should just sign up Tor-servers at as many different ISP's
> around the world as they can afford (And FAGCI is very well-funded).
> Which kind of leaves the solution: Grow Bigger. Tell your friends to run
> Tor-servers. Tell your corporation to do so. Tell NSA and other branches of
> DoD to do so. And FAGCI. ;-)
> It's possible to change path-spec.txt to look at ripe's netname:, or look at
> the country, or look at /8 instead of /16. But the real answer as I see it
> is
> just a way bigger Tor-network, 800 routers, pfft, setup 800 yourself and
> you're half the network. 8.000 routers, now it's getting very expensive to
> be
> half the network.

More information about the tor-talk mailing list