[tor-talk] Exit snooping 'research'
katmagic
the.magical.kat at gmail.com
Thu Feb 24 19:47:57 UTC 2011
On Thu, 24 Feb 2011 02:45:34 -0500
grarpamp <grarpamp at gmail.com> wrote:
> > Of course, until you factor in the information we received later which
> > is that a researcher has apparently been using a technique to discover
> > "passively" eavesdropping nodes, and the node in question here came
> > up. Sort of mooting the whole discussion until the research is
> > published.
>
> The above has been mentioned twice now as some sort of
> pending serious, paper worthy, research.
> Some corrective Network Engineering 101 is obviously needed here
> before some poor soul ends up mis-educated.
> There is NO way to detect passive monitoring unless you have access
> to the monitor. Real world passive monitoring involves mirrored
> upstream switch ports or optical splitters. No contact, separate devices,
> that's why it's called passive. Don't try to mention optical dB loss, spectral
> anomalies, bump insertion events, TEMPEST, heat and power consumption...
> because, as a user, you don't have access to those. Nor try to claim
> anything about running BPF on the same machine as the node thus
> overloading the box and perturbing flows or exploiting the listener
> process.... because that's not proper passive snooping and thus you're doing
> it wrong.
>
> Now you could properly rename that 'detection' word to 'entrapment'
> where you watch for the use of your unique seed. But that's a different
> thing, obviously.
>
> Now if you'll excuse me, I have another 100GiB of quietly recorded traffic
> to sift through before Friday ;-)
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
The detection method uses secret magic that depends on the sniffing node on
doing subtle non-passive things not mentioned in this thread.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110224/1ebd270d/attachment.pgp>
More information about the tor-talk
mailing list