[tor-talk] Exit snooping 'research'

Mike Perry mikeperry at fscked.org
Thu Feb 24 19:59:01 UTC 2011


Thus spake Olaf Selke (olaf.selke at blutmagie.de):

> On 24.02.2011 08:45, grarpamp wrote:
> 
> > There is NO way to detect passive monitoring unless you have access
> > to the monitor.
> 
> for each exit node I can set up a unique decoy email account on a
> machine controlled by myself, access it over unencrypted pop or imap
> sessions thru Tor and wait for a second login from a rogue exit operator
> trying to steal my mails. That's no rocket science.

There's also the approach described in section 5 of this paper, which
is actually kind of clever, but might also catch things like intermediate
caching proxies. If we could figure out a way to get lots of random
black IP space and keep it secret, it would be a fun one to run
regularly:
http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
http://systems.cs.colorado.edu/~bauerk/papers/PETS08_slides.pdf

There are quite a few other side channels available if you can get on
the same ethernet segment as a sniffer, or on the same VM host as a
suspicious tor node.

Most of these techniques are also fairly easy to evade, if you try.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
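
The per-exit decoy account check described in the quoted text above, sketched as log analysis on the mail server side. This is an added example, not code from the thread; the log format, account names, exit names and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed bookkeeping: one decoy mailbox per exit, logged into exactly
# once by us through that exit. Names and RFC 5737 addresses are made up.
PROBES = {
    "decoy-a1": {"exit": "ExitAlpha", "exit_ip": "192.0.2.10",
                 "probed_at": datetime(2011, 2, 20, 10, 0, 0)},
    "decoy-b2": {"exit": "ExitBeta", "exit_ip": "192.0.2.20",
                 "probed_at": datetime(2011, 2, 20, 10, 2, 0)},
}
PROBE_WINDOW = timedelta(minutes=5)  # tolerance around our own login

# Constructed mail-server auth log (hypothetical format, not a real daemon's).
SAMPLE_LOG = """\
2011-02-20T10:00:04 login user=decoy-a1 rip=192.0.2.10
2011-02-20T10:02:11 login user=decoy-b2 rip=192.0.2.20
2011-02-21T03:14:52 login user=decoy-b2 rip=203.0.113.77
2011-02-21T09:30:00 login user=postmaster rip=198.51.100.5
2011-02-22T18:45:09 login user=decoy-b2 rip=192.0.2.20
"""

def parse_line(line):
    """Split 'timestamp event key=value ...' into its parts."""
    ts, event, *fields = line.split()
    return datetime.fromisoformat(ts), event, dict(f.split("=", 1) for f in fields)

def find_reuse(log_text, probes=PROBES, window=PROBE_WINDOW):
    """Return (exit, account, source_ip, time) for every decoy login
    that is not our own single probe through that exit."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, kv = parse_line(line)
        probe = probes.get(kv.get("user"))
        if event != "login" or probe is None:
            continue  # not a decoy account: out of scope here
        # Our probe arrives from the exit's address inside the probe window.
        ours = (kv.get("rip") == probe["exit_ip"]
                and abs(ts - probe["probed_at"]) <= window)
        if not ours:
            # These credentials crossed the network once, via this exit.
            hits.append((probe["exit"], kv["user"], kv.get("rip"), ts))
    return hits

if __name__ == "__main__":
    for exit_name, user, rip, ts in find_reuse(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user} reused from {rip}: exposed via {exit_name}")
```

A later login from the exit's own address is flagged as well, since only the one probe inside the window is ours.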