[tor-talk] End-to-end correlation for fun and profit

Maxim Kammerer mk at dee.su
Tue Aug 21 21:52:04 UTC 2012


On Tue, Aug 21, 2012 at 11:25 PM, tagnaq <tagnaq at gmail.com> wrote:
> I think karsten's graphs from #6443 fit also well to this thread:

Bingo — in the first graph in the ticket [1] you see that the
probability gets to ~80% when the number of nodes gets to 40. What
this graph doesn't show, however, is that many of these nodes are
attached to the same switch, or even run on same machine in different
VMs, or on different IPs (some even run on same IP). After accounting
for that, the number of tiny networks (at least /28, from going over
the list in the original message) and nodes one needs to intercept in
order to get the same 80% figure gets down to ~25. And of course, if
one is smarter about choosing which nodes to intercept, the
probability of seeing both entry and exit traffic is also significant:
~25%. It is also possible to do something in between (choose some
Guard-only and Exit-only nodes), but my laziness kicked in at that
point of analysis.

Here are the network again, in case anyone has the resources and is
curious enough about who does what with Tor:

DE 31.172.30.[1-4]
GB 146.185.23.179
NL 77.247.181.{162,164}
RO 109.163.233.{200-201,205}
CA 198.96.155.3
US 199.48.147.[35-41]
DE 212.84.206.250
FR 178.32.211.{130,140}
US 204.8.156.142
US 173.254.216.[66-69]
SE 78.108.63.44
US 96.44.189.102
GB 178.33.169.35
CZ 212.79.110.28
US 66.180.193.219
DE 88.198.100.{230,233}
LU 212.117.180.65
SE 81.170.186.175
CH 62.220.135.129
SE 84.55.117.251
DE 85.31.187.132
CA 8.18.172.156
FR 213.251.185.74
US 69.42.212.2
FR 37.59.82.50

[1] https://trac.torproject.org/projects/tor/attachment/ticket/6443/exit-probability-cdf-2012-07-23-2.png

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte


More information about the tor-talk mailing list