[tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Ondrej Mikle
ondrej.mikle at gmail.com
Sun Apr 22 17:04:27 UTC 2012
On 04/21/2012 08:41 PM, Pascal wrote:
> MAC addresses are used by layer 2 protocols (see
> https://en.wikipedia.org/wiki/OSI_model ). Once an IP packet traverses a layer
> 3 device (such as a router) the srcMac has been changed to that of the router's
> egress interface. Unless your ISP provided your router, srcMac identifies only
> which router the packet came from, not the particular client.
>
> Decent routers randomize source ports to prevent traffic correlation (makes it
> harder to confirm that two streams from the same router came from the same client).

Well, yes. That's exactly the point why they want to store (srcPort, srcIP) <->
srcMac mapping so that they can identify people with private IPs hidden behind NAT.

Ondrej