[tor-talk] Cloak Tor Router

michi1 at michaelblizek.twilightparadox.com
Mon Nov 3 16:58:56 UTC 2014


Hi!

On 10:34 Mon 03 Nov, Lars Boegild Thomsen wrote:
> On Sunday 02 November 2014 11:36:14 michi1 at michaelblizek.twilightparadox.com wrote:
...
> > 2) Every device can sniff on traffic from all other devices on the same
> > network. If you have one device which is compromised or somebody breaks the
> > wifi security you are in trouble.
> 
> WiFi clients are isolated from each other so no - if someone breaks Wi-Fi security they can access the Tor network (or the internet - depending on which Wi-Fi network they break), but in order to sniff traffic from other devices the Cloak device itself would have to be accessed (i.e. root password guessed) and the device reconfigured (disable wifi isolation).

What prevents me from setting up a DHCP server or sending false ARP responses
to route all traffic to me?

> > 3) Depending on the configuration you may end up routing traffic from multiple
> > devices over the same circuit. 
> 
> This one surprises me a bit.  The Tor manual states:
> 
> IsolateClientAddr
> Don’t share circuits with streams from a different client address. (On by default and strongly recommended; you can disable it with NoIsolateClientAddr.)
> 
> Each client will have their own address so it is my understanding circuits will not be shared.

Ok, this should do it.

> > You will almost certainly route traffic from
> > different programs on the same device over the same circuit. This may allow an
> > exit node operator to correlate multiple identities.
> 
> Wouldn't that be solved by enabling:
> 
> IsolateDestPort
> Don’t share circuits with streams targeting a different destination port.

I do not think this actually solves it. For example there are many programs
which use HTTP even though they have nothing to do with web browsing. Also
there are programs (like P2P) which use random ports and may cause lots of
circuits to be established.

	-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
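As an added illustration (not part of this thread, and not Tor's own code), a small Python model of the grouping rule the quoted IsolateClientAddr / IsolateDestPort manual entries describe, run over constructed traffic from two LAN devices behind a transparent-proxy router. It shows both points raised above: two unrelated programs on one device that both use port 80 still land on one circuit, and a P2P client's random ports spawn a circuit each. The model is a simplification; real Tor also takes circuit age, MaxCircuitDirtiness and the other Isolate* flags into account.

```python
from collections import defaultdict

# Constructed sample streams as a transparent proxy would see them:
# (client LAN address, program label, destination address, destination port).
# The program label is only for display; Tor itself cannot see which program
# opened the connection, which is exactly why IsolateDestPort cannot tell
# "browser on port 80" apart from "updater on port 80".
STREAMS = [
    ("192.168.1.10", "browser",     "203.0.113.5",  443),
    ("192.168.1.10", "os-updater",  "203.0.113.7",  80),
    ("192.168.1.10", "chat-client", "203.0.113.9",  80),
    ("192.168.1.11", "browser",     "203.0.113.5",  443),
    ("192.168.1.11", "p2p",         "198.51.100.3", 51413),
    ("192.168.1.11", "p2p",         "198.51.100.4", 60022),
]

# Which tuple field each isolation flag (names as in the Tor manual) keys on.
FIELD_INDEX = {"IsolateClientAddr": 0, "IsolateDestAddr": 2, "IsolateDestPort": 3}


def circuit_groups(streams, flags):
    """Partition streams into sets that may share one circuit under `flags`.

    Simplified rule: two streams may share a circuit only if every isolated
    field is equal. With no flags, everything shares one circuit.
    Returns a list of sorted 'program@client' label lists, one per circuit.
    """
    groups = defaultdict(list)
    for client, program, dest_addr, dest_port in streams:
        stream = (client, program, dest_addr, dest_port)
        key = tuple(stream[FIELD_INDEX[f]] for f in sorted(flags))
        groups[key].append(f"{program}@{client}")
    return [sorted(members) for members in groups.values()]


def circuit_count(streams, flags):
    """Number of distinct circuits the traffic would need under `flags`."""
    return len(circuit_groups(streams, flags))


if __name__ == "__main__":
    for flags in ([], ["IsolateClientAddr"],
                  ["IsolateClientAddr", "IsolateDestPort"]):
        print(flags or "(no isolation)", circuit_count(STREAMS, flags),
              circuit_groups(STREAMS, flags))
```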


More information about the tor-talk mailing list