The use of malicious botnets to disrupt The Onion Router

Ron Wireman ronwireman at gmail.com
Sat Feb 2 06:57:01 UTC 2008 

It seems to me that we owe a lot the roughly 1,500 people who donate their
bandwidth to our project at any one time.  They give us a tremendous gift
that allows us to participate in unpopular or even dangerous political
speech and debate, to by-pass inappropriately restrictive filters, and to
limit the amount of information about ourselves that we reveal to the
organizations who run the Internet sites we access.  I don't wish to divulge
some of the ways in which I've used tor to protect myself, but I'm sure all
of you reading this list can think of many examples where it has assisted
you in your own life and most of you use it on a frequent basis.  All of
this comes at the cost of time and money from many volunteers who receive no
benefit whatsoever from relaying your traffic for you.

It seems to me, however, that even this gracious act of charity may be no
match for the types of attacks we may be faced with as we become more
popular and, as a result, more of a target. The number of users running tor
nodes pales in comparison to the number of computers that may be in any one
of the many individual botnets, which are groups of hijacked computers
controlled in unison by a single entity.  The largest of these botnets ever
discovered had over 1,000 times the number of nodes that tor does.  What
happens when one of these botnets are commanded to join tor all at once and
begin harvesting private data that people naively did not encrypt or, worse,
replacing all pictures requested with goatse.jpg?  These and other malicious
acts could easily take place, perhaps even perpetrated by a malevolent
government entity, and would cause significant disruption to our router.

We must take expedient measures to prevent this type of attack, because as
of now, tor is quite vulnerable, perhaps even critically so.  The group of
computers that make up the official Network Time Protocol pool, a network
that is used to provide extremely accurate time synchronization for millions
of computers around the world, has a manually administrated list.  Since it
has about as many nodes on it as tor has, it suggests that maintaining such
a list would not be difficult.  It seems to me that this would be an
excellent way to prevent a node flood attack.  Without it, tor will be rot.

Awaiting your comments anxiously,

Ron Wireman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080202/ab7825ec/attachment.htm>

More information about the tor-talk mailing list