Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

coderman coderman at gmail.com
Mon May 28 11:23:51 UTC 2007


On 5/28/07, Steven Murdoch <tortalk+Steven.Murdoch at cl.cam.ac.uk> wrote:
> ...
> I do think that a global passive adversary is stronger than the real
> world situation. For example, such an adversary could read traffic
> between two computers in my office, which I suspect is outside of the
> NSA's capabilities, unless I were targeted for special attention.

thanks for the clarification.  i tend to forget that the "passive
adversary" applies to all network communication, not just internet
links across isp's, countries, and oceans...


> The point behind that section was to dispel the myth that traffic
> analysis is easy, because you can just run tcpdump on off-the-shelf
> hardware. Actually, on high-speed links it requires serious
> engineering effort to even capture the data, let alone store it.

ah, agreed; i was unaware of such a myth, and the thought of someone
trying to inspect 10GigE with a workstation and wireshark is comical.

thanks again for these efforts.

best regards,



More information about the tor-talk mailing list