[tor-talk] The New Threat: Targeted Internet Traffic Misdirection

Seth David Schoen schoen at eff.org
Thu Nov 21 17:33:06 UTC 2013

BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85 at bitmessage.ch writes:

> Since I thought it might be interesting to consider the potential
> implications of BGP-related attacks described above if applied to guard or
> exit relays, I wanted to share the following article:
> http://www.renesys.com/2013/11/mitm-internet-hijacking/
> That post also refers to an earlier, related post:
> http://www.renesys.com/2010/11/chinas-18-minute-mystery/
> Any thoughts/reactions from a Tor standpoint?

You can't use BGP redirection to impersonate a node because the
individual nodes have unique cryptographic keys that are listed in
the Tor directory consensus.  (We need all other Internet services
to move to having unique cryptographic keys, too, so that people
who can control and redirect networks can't impersonate them!)

You could use BGP redirection to become able to spy on traffic
headed to a guard node or coming out of an exit node that would
otherwise not have passed through networks that you control.
The most relevant consequence of that would probably be increasing
the probability that the attacker can successfully do a traffic
correlation or confirmation attack.

Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107

More information about the tor-talk mailing list