[tor-talk] Traffic shaping attack

grarpamp grarpamp at gmail.com
Sun Mar 20 21:21:17 UTC 2016


On 3/18/16, Oskar Wendel <o.wendel at wp.pl> wrote:
> Let's set up a service in a way that it will modulate the traffic, so the
> download would look like:

That's active manipulation in / at one endpoint node.

> Then, we monitor traffic flowing into various entry nodes (remember we're
> a global adversary, having direct access to infrastructure around the
> globe) and spot the traffic that matches our pattern.

That's global / regional passive listening, needing to be concerned
minimally with visibility at just any other G/R IP endpoints, without
needing to track the entire path.

Which, if presumed and likely to be deployed, combine to be nicely
effective, whether finding such clients, or services on Tor, I2P, etc.

Attack could be made much more difficult, quite possibly defeated,
if all nodes engaged in bucketed, reclocked and jittered fill traffic with
each other (possibly along some virtual path distance >=1 hop)
and enforced peering relationships based upon receipt of same
expected and contractually obligated traffic (would you talk to or
retransmit for a node that acted sent packets as you say... fuck no).
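
Added example, not part of the original post: a small simulation of why bucketed, reclocked and jittered fill traffic removes the modulation a passive listener would match on. The traffic model, the function names and all numbers are constructed assumptions, not anything from Tor or I2P.

```python
import random

def modulated_flow(ticks, period=10, on_rate=8, seed=1):
    """Constructed sample flow: on_rate cells/tick while the service is 'on',
    none while 'off', plus 0-2 cells/tick of unrelated background traffic."""
    rng = random.Random(seed)
    pattern = [1 if (t // period) % 2 == 0 else 0 for t in range(ticks)]
    cells = [p * on_rate + rng.randint(0, 2) for p in pattern]
    return pattern, cells

def reclock(cells, bucket, seed=2):
    """Hypothetical link shaper: every tick carries one fixed bucket of cells,
    queued payload first and fill for the remainder. Jitter of -1..+1 cells
    per tick is drawn independently of the payload."""
    rng = random.Random(seed)
    queue, fill, wire = 0, 0, []
    for c in cells:
        queue += c
        sent = min(queue, bucket)
        queue -= sent
        fill += bucket - sent
        wire.append(bucket + rng.randint(-1, 1))  # what a listener counts
    return wire, fill / (bucket * len(cells)), queue

def pearson(a, b):
    """Correlation between two equal-length series; 0.0 if either is flat."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def run_demo(ticks=240, bucket=10):
    pattern, cells = modulated_flow(ticks)
    wire, fill_ratio, backlog = reclock(cells, bucket)
    return pearson(pattern, cells), pearson(pattern, wire), fill_ratio, backlog

if __name__ == "__main__":
    raw, shaped, fill_ratio, backlog = run_demo()
    print(f"pattern vs unshaped link: r = {raw:+.2f}")
    print(f"pattern vs reclocked link: r = {shaped:+.2f}")
    print(f"fill overhead: {fill_ratio:.0%}, payload still queued: {backlog}")
```

A bucket smaller than the peak payload rate leaves payload queued, so the cost of the defence is either fill bandwidth or added latency.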

