Rogue exit nodes - checking?

John M. Schanck jms07 at hampshire.edu
Sun Jun 20 23:09:52 UTC 2010


On Sun, Jun 20, 2010 at 11:58:45PM +0200, slush wrote:
[snip]
> There are two ways to fight attackers:
> a) Opensource scanner and beat them by spending months on scanner improvements.
> b) Leave scanner closed and piss them up (my way)

I think you and Anders are both oversimplifying the situation. An attacker may
be able to determine the profile for a normal Tor user, and they may determine
the profile for an exit scanner - but our job in designing any scanner (open or
closed source) is to make the task of delineating between the two as difficult as
possible. As I'm sure you're aware, we can actually quantify how difficult such
a task is using information-theoretic techniques, and so we may develop an
objective measure for comparing scanners which is entirely independent of their
being open or closed source.

That said, SoaT also has a "closed source" component, specifically the
configuration file we actually use when running it. Withholding this
information makes an attacker's job somewhat harder, so there is
something to be said for not revealing your hand too soon.

> I think your irony isn't outright. Trust me I didn't spend almost a year
> of my life on bullshit.
> 
> John: I know SoaT quite well, I originally considered improving it. But
> my attitude is quite different. SoaT checks everything other than
> content (as you wrote: SSL, policy etc) - and throws many false
> positives once content differs a bit. I'm interested just in content.
> 
> Marek

Marek: I for one highly doubt that you spent a year of your life on
bullshit and would be very interested in reading your thesis and
discussing this topic further - is it available online? SoaT does
somewhat more subtle content scans than you make it out to, but I'll
agree they're far from perfect, and that's why I'm spending several
months of my life working to improve them :).

Cheers,
John
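
One way to put a number on the distinguishability discussed in the reply above, as an added example that is not part of the original post or of SoaT. The feature buckets and counts are constructed, and the use of Jensen-Shannon divergence and total variation distance is an assumption, since the post does not name a specific measure.

```python
import math

def normalise(counts, support):
    """Turn raw counts into a probability distribution over a shared support."""
    total = sum(counts.get(k, 0) for k in support)
    return {k: counts.get(k, 0) / total for k in support}

def kl_bits(p, q):
    """Kullback-Leibler divergence D(p || q) in bits; terms with p[k] == 0 add nothing."""
    return sum(p[k] * math.log2(p[k] / q[k]) for k in p if p[k] > 0)

def js_bits(p, q):
    """Jensen-Shannon divergence in bits: 0 = identical profiles, 1 = disjoint."""
    m = {k: 0.5 * (p[k] + q[k]) for k in p}
    return 0.5 * kl_bits(p, m) + 0.5 * kl_bits(q, m)

def total_variation(p, q):
    return 0.5 * sum(abs(p[k] - q[k]) for k in p)

def best_guess_accuracy(p, q):
    """Accuracy of the optimal guess from one observation, equal priors."""
    return 0.5 + 0.5 * total_variation(p, q)

def score(user_counts, scanner_counts):
    """Compare a scanner's observable traffic profile with a user baseline."""
    support = sorted(set(user_counts) | set(scanner_counts))
    p = normalise(user_counts, support)
    q = normalise(scanner_counts, support)
    return {"js_bits": js_bits(p, q), "accuracy": best_guess_accuracy(p, q)}

# Constructed request counts per observable feature bucket (hypothetical buckets).
USER = {"html": 600, "image": 300, "https": 80, "other": 20}
SCANNER_A = {"html": 100, "image": 50, "https": 800, "other": 50}   # skewed profile
SCANNER_B = {"html": 550, "image": 320, "https": 100, "other": 30}  # close to baseline

if __name__ == "__main__":
    for name, counts in (("A", SCANNER_A), ("B", SCANNER_B)):
        s = score(USER, counts)
        print(f"scanner {name}: JS = {s['js_bits']:.4f} bits, "
              f"single-observation guess accuracy = {s['accuracy']:.3f}")
```

A lower score means the scanner blends in better with the baseline, and the comparison does not depend on whether the scanner's source is published.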
