The "de-Tor-iorate Anonymity" talk by Nathan Evans at DEFCON 16

Rochester TOR Admin onionroutor at gmail.com
Fri Aug 15 18:58:51 UTC 2008


I'll comment on that but I know Roger and others were there that might be
able to explain it better.

The idea is that Tor _used to_ allow a user to define an infinite path when
creating circuits so an attacker could generate circular circuits causing
the queue on those circuits to go up, using up processing power, causing
latency etc.  This was done using what he defined as "DoS Client" and "DoS
Server".  So he would attempt to DoS partitions of the Tor network causing
slowdowns for all Tor servers involved.

At the same time an attacker would run a malicious Tor exit node that would
inject a <javascript ping> into the traffic which would connect back to a
server which then records how often that ping is received which effectively
measured the latency on that circuit.  So if a client was not using one of
the relays that was affected by the circular circuit, the latency would be
normal.  If the client _did_ use one of the nodes that were being DoS'd, the
latency would suddenly spike thus proving that the entry node was a member
of the DoS'd circuit.

The DoS attack would be done on different circuits until they finally found
one that would slow down the latency of the attacked client which would show
1) the exit node (since it was owned by the attacker), 2) the relay node
that was used (again because the attacker owned the exit), and 3) the entry
node (because it was affected by the DoS) turning Tor into the single proxy
as it proposed to do.

If anyone is interested in the presentation - it lacks the technical details
but has a good overview - I don't think I can post it here so email me
offline.

Nathan Evans recommended not using fixed path lengths (>3 nodes in a
circuit), don't allow infinite path lengths which is fixed in the newest
version of Tor, induce delays which is not going to happen, and then the
rest we know - disable javascript, use SSL, and monitor exit nodes (see
TorFlow).

The presentation was kind of crappy and it's a complicated attack so correct
any of this if I'm wrong.

~ROC Tor Admin
onionroutor at gmail


On Fri, Aug 15, 2008 at 1:26 PM, Quelque Rodentis <qrodentis at gmail.com> wrote:

> Hi,
>
> Back in May when the "de-Tor-iorate Anonymity" talk by Nathan Evans at
> DEFCON 16 was announced it was discussed on this list. The (short)
> discussion concluded with a decision to wait and see...
>
> Now the talk has been given (a week ago) but so far nothing has been
> said about its contents on this list. I guess I'm not the only one
> wondering what new attacks were presented (if any), would anyone
> attending DEFCON care to comment?
>
> Regards,
>
> Quelque Rodentis
>
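
As an added illustration (not part of the original e-mail and not Tor's code), the toy model below shows why an unbounded path length lets one circuit loop through the same relays and multiply their per-cell work, and how a per-circuit extend budget bounds it. The relay names, the `MAX_EXTENDS` value and the `EntryRelay` class are assumptions made for the example.

```python
from collections import Counter
from itertools import cycle, islice

MAX_EXTENDS = 8  # assumed per-circuit budget for this model, not a value from the post


class CircuitTooLong(Exception):
    """Raised when a circuit asks for more extends than the budget allows."""


class EntryRelay:
    """Toy first hop: every extend request for a circuit passes through it."""

    def __init__(self, max_extends=None):
        self.max_extends = max_extends   # None models the old, unbounded behaviour
        self.extends_seen = Counter()    # circuit id -> extend requests relayed

    def relay_extend(self, circ_id):
        self.extends_seen[circ_id] += 1
        if self.max_extends is not None and self.extends_seen[circ_id] > self.max_extends:
            raise CircuitTooLong(f"circuit {circ_id}: extend budget exceeded")


def build_circuit(entry, circ_id, path):
    """Return the path if every extend is accepted; otherwise CircuitTooLong propagates."""
    for _hop in path[1:]:                # the first hop is created directly, not extended to
        entry.relay_extend(circ_id)
    return list(path)


def per_cell_load(path):
    """How many times each relay handles a single cell that travels the whole path."""
    return Counter(path)


def looped_path(relays, hops):
    """Constructed sample input: a circular path that revisits the same relays."""
    return list(islice(cycle(relays), hops))


if __name__ == "__main__":
    relays = ["A", "B", "C"]             # constructed relay names
    old = build_circuit(EntryRelay(None), 1, looped_path(relays, 300))
    print("unbounded:", dict(per_cell_load(old)))
    try:
        build_circuit(EntryRelay(MAX_EXTENDS), 1, looped_path(relays, 300))
    except CircuitTooLong as exc:
        print("bounded:", exc)
```

With the budget in place the longest loop that can be built is `MAX_EXTENDS + 1` hops, so the per-cell amplification on any relay is capped by a small constant instead of growing with the requested path length.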