[tor-talk] Is this a practical vulnerability?

Lasse Ă˜verlier tor at zone.no
Fri Oct 19 08:23:21 UTC 2012


In principle this is (as they write) very similar to earlier papers. The
major catch to their plan may be that if a hidden service already has
chosen its entry guards, and the "modified Tor nodes" are put out there
later - they ("malicious nodes") will therefore not be a part of the
path. But if they already have trusted entry nodes out there and the
client/hidden service selects by default Tor method - their attack (and
earlier ones) should be quite realistic.

Meaning that a hidden service should be very careful of which nodes it
selects as the entry node(s). Maybe Tor should *not* allow new entry
nodes (by default) to be added for hidden services upon unavailability
of old entry nodes because of this? Another option may be separation of
not trusting/adding new entry nodes for hidden services, but still do so
for the Tor client? (There is (was?) an option for StrictEntryNodes in
torrc which should be considered, but I seriously hope critical sites
are not hosted without deep knowledge of how the hidden services are
vulnerable.)

Be safe!

 - Lasse



On 19. okt. 2012 05:12, Lee Whitney wrote:
> I was reading a paper on discovering hidden service locations, and couldn't find any reason it shouldn't work in principle.
>
> However being that I'm a Tor novice, I wanted ask here.
>
> In a nutshell they propose throwing some modified Tor nodes out there that modify the protocol enough to track down the location.  It does take some time, but it doesn't seem like years.
>
> Any comment appreciated, here's a link to the paper:
>
> http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



More information about the tor-talk mailing list