What to do at IP number change?
Jon McLachlan
mcla0181 at umn.edu
Tue Jan 8 20:15:05 UTC 2008
dr._no at cool.ms wrote:
> Another point is that without a tor server my home would be vulnerable to traffic
> analysis and a further point is that a tor server is more safe than only a client.
>
I think this depends largely on what type of traffic analysis we're
talking about. Traffic analysis, just looking at traffic, almost always
divulges some level of information. For example, if a local passive
adversary simply watched a Tor Relay that was suspected to also contain
a Tor Client, then one could imagine a simple traffic analysis as follows:
1) Establish running totals of all incoming and outgoing traffic from
the machine.
2) Then, closely monitory when it is the case that the outgoing traffic
level "spikes" or when the incoming traffic level "spikes" as they could
indicate that a Tor Client was using the relay as an entry point. How
much it "spikes" could fingerprint a website ... or even be a
maliciously modulated signal from an evil server might you might have
connected to via your tunnel.
This exploits the behavior of a basic Tor Relay, in which everything
that enters a relay must [immediately] leave that relay. This traffic
alone would generate what appears equal/average incoming and outgoing
msgs. Any spikes in the entering / leaving traffic is therefore
probably not from the Tor Relay itself, but, from something else. (or
course, this ignorse dir service lookups, bridges, and prly a few other
things).
Sounds like an interesting research project.
Best Regards,
~Jon
More information about the tor-talk
mailing list