My two cents to previous discussions:
https://lists.torproject.org/pipermail/tor-talk/2016-March/040639.html
https://lists.torproject.org/pipermail/tor-talk/2016-April/040816.html
https://lists.torproject.org/pipermail/tor-talk/2016-June/041058.html
Admin of another hidden service told people he s
Oskar Wendel:
> Mike Perry:
>
> > I'm still with Roger on being careful about assuming it's an attack (and
> > not a bug, or other emergent behavior) before conducting more tests. At
> > least, that is what proper engineering and science demands before we can
> > respond, anyway.
>
> Yes, I agree
If I'm a global adversary, all I have to do is drop packets and see if
they are resent. I could do that sequentially for each tor circuit.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/to
I'll comment about my previous message:
https://lists.torproject.org/pipermail/tor-talk/2016-March/040677.html
Recently the admin of that service decided to shut it down. He told about
personal reasons like moving to another place where he will be unable to
get stable internet connection to manage his
Oskar Wendel:
> If I limit the transfer rate in a client to a small value (I tried 5
> kB/s), the download is stable and interruptions do not occur.
This is interesting. Could you check other speeds too (50 kB/s, 100 kB/s)?
> Full dump, from SYN to FIN, can be found below. SEND are packets from m
coderman:
>> Let's assume that the service is extremely popular, with over 6 terabytes
>> of traffic each day, and a gigabit port almost constantly saturated. Then,
>> we can observe a small handset of guards and still be able to spot at
>> least som
grarpamp:
> ... the OP appears to know the onion url and refers to fora
> discussion the situation. So OP should post those links for
> others to review analyse formulate hypothesis etc.
Yes, I know the URL, but (as notwith already said):
1. The si
Mike Perry:
> I'm still with Roger on being careful about assuming it's an attack (and
> not a bug, or other emergent behavior) before conducting more tests. At
> least, that is what proper engineering and science demands before we can
> respond, anyw
First, thank you "notwith" for your input. At least I'm not alone...
Sorry for replying that late, but I didn't have time to look at this issue
during the week.
I have a few new facts.
1. If I limit the transfer rate in a client to a small value (I
I've just subscribed to the list, sorry for late replies.
I'll add a few details to this discussion.
krishna e bera:
> What evidence have you seen?
Roger Dingledine:
> This assumed scenario seems extremely unlikely to be happening in
> practice.
> And second because the
> graph at https://metrics.t
On 3/19/16, Oskar Wendel wrote:
> ...
> Let's assume that the service is extremely popular, with over 6 terabytes
> of traffic each day, and a gigabit port almost constantly saturated. Then,
> we can observe a small handset of guards and still be able to spot at
> least some users.
the problem wi
On 3/20/16, Mike Perry wrote:
> It could also be due to the fact that Tor is effectively
> single-threaded. If something on the user's guard node, intermediate
> node, or hidden service is taking large amounts of CPU time, this will
> prevent traffic from flowing while that operation is happening.
On 3/20/16, Mike Perry wrote:
> For example, I wonder if users see such interrupts on all of their Tor
> traffic at that time, or just hidden service traffic? Or just hidden
> service traffic to specific services?
... the OP appears to know the onion url and refers to fora
discussion the situatio
Oskar Wendel:
> Roger Dingledine:
>
> >> Let's assume that the service is extremely popular, with over 6 terabytes
> >> of traffic each day, and a gigabit port almost constantly saturated.
> >
> > This assumed scenario seems extremely unlikely to be happening in
> > practice. First because ther
Tor and other overlays also use only TCP, which may provide some sort
of enhanced end2end specific directable observability stream container.
Opposed to UDP or raw packet which may offer more options
to develop / layer various anti active / passive attack methods,
including traffic spreading and r
On 3/18/16, Oskar Wendel wrote:
> Let's set up a service in a way that it will modulate the traffic, so the
> download would look like:
That's active manipulation in / at one endpoint node.
> Then, we monitor traffic flowing into various entry nodes (remember we're
> a global adversary, having d
krishna e bera:
> What evidence have you seen?
I've only seen how it behaves, I have no evidence it's an active attack,
being mounted by the authorities, but given the site profile, I wouldn't
be surprised...
- --
Oskar Wendel, o.wen...@wp.pl.remov
Roger Dingledine:
>> Let's assume that the service is extremely popular, with over 6 terabytes
>> of traffic each day, and a gigabit port almost constantly saturated.
>
> This assumed scenario seems extremely unlikely to be happening in
> practice.
On Sat, Mar 19, 2016 at 11:02:44AM +, Oskar Wendel wrote:
> Let's assume that the service is extremely popular, with over 6 terabytes
> of traffic each day, and a gigabit port almost constantly saturated.
This assumed scenario seems extremely unlikely to be happening in
practice. First becaus
On 03/19/2016 07:02 AM, Oskar Wendel wrote:
> Roger Dingledine:
>> The third question you might ask is: can I inject these signals in a
>> way that they're still recognizable to me, but observers don't realize
>> that anything weird is going on with the traffic? That is, can I do
>> this active tr
Roger Dingledine:
> One of the questions to ask is how many points you need to watch in order
> to be in a position to launch the attack. This is where Tor fares better
> than centralized approaches like VPNs or single-hop proxies, and it's
> Tor's b
On Sat, Mar 19, 2016 at 04:02:53AM +0100, coderman wrote:
> On 3/19/16, Oskar Wendel wrote:
> >...
> > Let's set up a service in a way that it will modulate the traffic, so the
> > download would look like:
> > [ some distinct signaling here...]
>
> yes; it's a traffic confirmation attack, and by
Let's assume that a global adversary sets up (or seizes) a hidden service
with illegal content and wants to deanonymize users who download this
content from this service.
Users are educated, use only trusted, newest software and have all plugins
di
On 3/19/16, Oskar Wendel wrote:
>...
> Let's set up a service in a way that it will modulate the traffic, so the
> download would look like:
> [ some distinct signaling here...]
yes; it's a traffic confirmation attack, and by interrupting the flow
you confirm that the endpoints in question are in