[tor-dev] Guard nodes and network down events
Tom Ritter
tom at ritter.vg
Thu Aug 14 13:18:03 UTC 2014
On 13 August 2014 07:47, George Kadianakis <desnacked at riseup.net> wrote:
> The fundamental issue here is that Tor does not have a primitive that
> detects whether the network is up or down, since any such primitive
> stands out to a network attacker [3].
I'm not certain this is true. Windows and Mac OS detect whether or
not there is a Captive Portal/Internet connection. While one can
argue this is bad practice, piggybacking on a detection mechanism used
by default in widely deployed OS's seems like it would not stand out.
Windows has IsInternetConnected [0] which uses NCSI[1].
I know less about Mac, but there is SCNetowrkReachability [2].
Apparently the (undocumented) way that Apple uses to detect captive
portals is [3].
It's not very clean to emulate a request instead of using an API, if
it came down to it. But while it may seem dangerous to emulate a
request that can change in an OS patch... the reality of it is that as
long as you pay attention to the patches, you'd be able to deploy a
fix long before a non-negligible portion of people patched anyway.
-tom
[0] http://msdn.microsoft.com/en-us/library/windows/desktop/aa366143(v=vs.85).aspx
[1] http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
[2] https://developer.apple.com/library/mac/documentation/SystemConfiguration/Reference/SCNetworkReachabilityRef/Reference/reference.html
[3] http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html#.U-y2KYBdWaQ
More information about the tor-dev
mailing list