same first hops

M moeedsalam at gmail.com
Thu Oct 9 03:50:49 UTC 2008


ok understood, so in actuality he would have to be observing 3 things:

1) The user' s computer (timing and size)
2) the first hop ((timing and size)

3) the last hop ((timing, size and anythign else)

He would have to be observing the user computer, as there would be no other
way to correlate the first hop with the user, since the IP is hidden at the
first hop, correct?
On Thu, Oct 9, 2008 at 6:41 AM, Gregory Maxwell <gmaxwell at gmail.com> wrote:

> On Wed, Oct 8, 2008 at 11:34 PM, M <moeedsalam at gmail.com> wrote:
> > On Thu, Oct 9, 2008 at 6:31 AM, Gregory Maxwell <gmaxwell at gmail.com>
> wrote:
> >>
> >> On Wed, Oct 8, 2008 at 11:23 PM, M <moeedsalam at gmail.com> wrote:
> >> > Thanx Gregory  and F.Fox...understood the concept. Just one note
> though:
> >> >
> >> > "Tor (like all current practical low-latency anonymity designs) fails
> >> > when
> >> > the attacker can see both ends of the communications channel. For
> >> > example,
> >> > suppose the attacker is watching the Tor relay you choose to enter the
> >> > network, and is also watching the website you visit."
> >> >
> >> > When it says "watching" does it mean? I thought the info was encrypted
> >> > (except the last hop) and the IP invisible? Does it mean timing
> attacks?
> >>
> >> Yes. A Timing/Sizing attack.  He sees the last hop exit.
> > but it says "first hop"
>
> Sorry, I accidentally hit send.
>
> Consider: Nothing prevents you from running multiple tor nodes. A well
> funded party might run dozens or hundreds.  If the attacker controls
> both the entry and the exit that you are using he can look at the
> unencrypted traffic leaving the exit and correlate it with the timing
> and sizes of the data on the the entrances he controls.  He could also
> do things like intercept your TCP connections leaving the exit and
> stuff them with megabytes of junk data and then watch for the traffic
> spike on any of the entrances he controls.
>
> If you think about it for a bit you'll realize why changing entrances
> all the time would maximize your exposure to this attack. Eventually
> you would land on the bad guy's entrance and he could track you down.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20081009/1a3a82e5/attachment.htm>


More information about the tor-talk mailing list