flooding attacks to discover hidden services

Paul Syverson syverson at itd.nrl.navy.mil
Mon Jan 1 22:34:39 UTC 2007


On Mon, Jan 01, 2007 at 06:22:52PM +0000, Steven Murdoch wrote:
> On Tue, Jan 02, 2007 at 01:39:05AM +1100, Wikileaks wrote:
> > Open an onion connection to the hidden service, asking for echos.
> > Now flood each router. If the "ping" is overly delayed, the router
> > is on the hidden path.
> 
> This is a special case of the attack described in 5.2 of [1].
> 

Right. I was misreading you at first as repeatedly flooding requests
to the hidden server and having hostile Tor nodes detect when they are
on the path. I think though what you ask is much closer to the attack
described in Steven's paper than to the attack in the paper I cited.
He has already noted the main pros and cons of how the hidden server
is configured (wrt the Tor network) and how it behaves wrt this
attack.  A further note is that the attack in Steven and George's
paper was successful when the Tor network consisted of about 35 nodes
and for routes consisting of relatively low bandwidth nodes. It is an
interesting open question if something comparable could scale up to
the current network. In principle it should, but I suspect the
engineering of it would be much harder and would involve synching many
attack-flooding clients.  It might cause other problems for the Tor
network before it succeeds in general, if it can at all. But, it could
also be interesting to see if this succeeds substantially more often
than roughly c^2/n^2 because the percentage of attackable paths has
some nice properties (from the attacker's perspective).

aloha,
Paul


