[tor-talk] End-to-end correlation for fun and profit

The Doctor drwho at virtadpt.net
Tue Aug 21 17:21:51 UTC 2012


On 08/20/2012 08:49 AM, fakefake at tormail.org wrote:
> Good pointing at this. It gets far too little attention. You need far
> fewer wiretapping orders. Just one. Wiretap the internet exchange
> point and get any Tor user.

Those are all excellent points.  My question is what the implications
of the following are insofar as this analysis is concerned:

How Tor picks nodes out of the set of all known Tor nodes:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/path-spec.txt#l184

How Tor avoids picking sibling nodes when charting a path through the
network:
https://gitweb.torproject.org/tor.git/blob/49d150a9fad2cb8d3887af1e112b15365c11f4ba:/src/or/routerlist.c#l1350

Tor detecting siblings:
https://gitweb.torproject.org/tor.git/blob/49d150a9fad2cb8d3887af1e112b15365c11f4ba:/src/or/routerlist.c#l1401

As I understand it, Tor nodes know IP addresses one up and one down in
a circuit.  I haven't read through the Tor codebase in a while (two or
three years), so my question is this: Does Tor apply the same family
avoidance check when picking nodes to avoid routing traffic through,
say, two nodes on the same /16?  In other words, would Tor do this:

192.168.1.23  ->  172.16.23.93  ->  10.0.61.44

..or would this be a possible scenario:

192.168.1.23  ->  172.16.23.93  ->  192.168.88.77

(Reference: https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ,
section "Which Tor node knows what?" (which seems to need a link in
the ToC))

-- 
The Doctor [412/724/301/703] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"And the flowers are still standing!" --Peter Venkman, _Ghostbusters_
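
The /16 comparison the message asks about, as an added example that is not part of the original post and is not Tor's code: it checks every pair of hops in a path for a shared IPv4 prefix, using the two paths from the message as input. The function names are made up for this illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* The two example paths from the message (entry, middle, exit). */
static const char *const PATH_A[] = {"192.168.1.23", "172.16.23.93", "10.0.61.44"};
static const char *const PATH_B[] = {"192.168.1.23", "172.16.23.93", "192.168.88.77"};

/* Parse a dotted-quad IPv4 address into host byte order. Returns 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out) {
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* 1 if a and b share their first prefix_len bits, 0 if not, -1 on bad input. */
int same_subnet(const char *a, const char *b, int prefix_len) {
    uint32_t x, y, mask;
    if (prefix_len < 0 || prefix_len > 32)
        return -1;
    if (parse_ipv4(a, &x) != 0 || parse_ipv4(b, &y) != 0)
        return -1;
    /* A shift by 32 is undefined in C, so /0 is handled separately. */
    mask = (prefix_len == 0) ? 0 : 0xFFFFFFFFu << (32 - prefix_len);
    return (x & mask) == (y & mask);
}

/* Count hop pairs in a path that fall inside the same prefix. Every pair is
 * compared, not only adjacent hops: in the second path from the message the
 * entry and exit share a /16 while the middle hop does not. -1 on bad input. */
int count_subnet_conflicts(const char *const *path, int n, int prefix_len) {
    int conflicts = 0;
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            int r = same_subnet(path[i], path[j], prefix_len);
            if (r < 0)
                return -1;
            conflicts += r;
        }
    }
    return conflicts;
}

int main(void) {
    printf("path A: %d hop pair(s) in one /16\n", count_subnet_conflicts(PATH_A, 3, 16));
    printf("path B: %d hop pair(s) in one /16\n", count_subnet_conflicts(PATH_B, 3, 16));
    return 0;
}
```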


