[tor-talk] Traffic shaping attack

notwith at sigaint.org notwith at sigaint.org
Sun Mar 27 14:43:42 UTC 2016


Oskar Wendel:
> If I limit the transfer rate in a client to a small value (I tried 5
> kB/s), the download is stable and interruptions do not occur.

This is interesting. Could you check other speeds too (50 kB/s, 100 kB/s)?

> Full dump, from SYN to FIN, can be found below. SEND are packets from my
> socks client to Tor, RECV are packets from Tor to my socks client. It
> was a small (interrupted by me) download, but with larger downloads it
> looks very similar.

Thank you for this work. Hopefully, other users will comment on it.

>> It could also be due to the fact that Tor is effectively
>> single-threaded. If something on the user's guard node, intermediate
>> node, or hidden service is taking large amounts of CPU time, this will
>> prevent traffic from flowing while that operation is happening.
>
> It would have to run within a realtime scheduler to completely block Tor
> for several seconds... very few applications use this scheduler, at least
> in Linux.

This should not be the case. http://obscuredtzevzthp.onion has comparable
download speeds, where I easily get 600 kB/s, but cannot see any
interrupts. I conclude it is either that particular HS software
configuration or an attack on that particular HS.


