The use of malicious botnets to disrupt The Onion Router
Ben Wilhelm
zorba-tor at pavlovian.net
Sat Feb 2 06:59:18 UTC 2008
A manually administered . . . centralized list? Because, call me crazy,
but a centralized list of "authorized routers" has some very, very
obvious flaws in it, both technical and security-related.
-Ben
Ron Wireman wrote:
> It seems to me that we owe a lot to the roughly 1,500 people who donate
> their bandwidth to our project at any one time. They give us a
> tremendous gift that allows us to participate in unpopular or even
> dangerous political speech and debate, to by-pass inappropriately
> restrictive filters, and to limit the amount of information about
> ourselves that we reveal to the organizations who run the Internet sites
> we access. I don't wish to divulge some of the ways in which I've used
> tor to protect myself, but I'm sure all of you reading this list can
> think of many examples where it has assisted you in your own life and
> most of you use it on a frequent basis. All of this comes at the cost
> of time and money from many volunteers who receive no benefit whatsoever
> from relaying your traffic for you.
>
> It seems to me, however, that even this gracious act of charity may be
> no match for the types of attacks we may be faced with as we become more
> popular and, as a result, more of a target. The number of users running
> tor nodes pales in comparison to the number of computers that may be in
> any one of the many individual botnets, which are groups of hijacked
> computers controlled in unison by a single entity. The largest of these
> botnets ever discovered had over 1,000 times the number of nodes that
> tor does. What happens when one of these botnets is commanded to join
> tor all at once and begin harvesting private data that people naively
> did not encrypt or, worse, replacing all pictures requested with
> goatse.jpg? These and other malicious acts could easily take place,
> perhaps even perpetrated by a malevolent government entity, and would
> cause significant disruption to our router.
>
> We must take expedient measures to prevent this type of attack, because
> as of now, tor is quite vulnerable, perhaps even critically so. The
> group of computers that make up the official Network Time Protocol pool,
> a network that is used to provide extremely accurate time
> synchronization for millions of computers around the world, has a
> manually administrated list. Since it has about as many nodes on it as
> tor has, it suggests that maintaining such a list would not be
> difficult. It seems to me that this would be an excellent way to
> prevent a node flood attack. Without it, tor will be rot.
>
> Awaiting your comments anxiously,
>
> Ron Wireman