Hi,

On Thu, 12 Jun 2008 16:26:48 -0700, "Mike Perry" <[EMAIL PROTECTED]> said:
> Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]):
>
> > I just noticed this talk at the Security and Privacy Day from May 2008.
> > While I understand that Tor's threat model does not defend against a GPA
> > I am still curious what effect this attack can have against the current,
> > real Tor network?
> >
> > Simulating a Global Passive Adversary for Attacking Tor-like Anonymity
> > Systems
> > http://web.crypto.cs.sunysb.edu/spday/
>
> A handful of comments about the paper (many of these they themselves
> brought up, but some they did not):
>
> [snip]

That is great info and very well explained, thank you. Your response was
exactly what I was hoping for.

> A couple countermeasures that are possible:
>
> 1. Nodes that block ICMP and filter closed TCP ports are less
> susceptible to this attack, since they would force the adversary to
> measure the capacity changes at upstream routers instead (which will
> have other noise introduced due to peers utilizing the link as well). I
> am wondering if this means we should scan the network to see how many of
> these top nodes allow ICMP and send TCP resets, and if it is feasible to
> notify their operators that they may want to consider improving their
> firewalls, since we're only talking about 100-150 IPs here. There are a
> lot more critical things to scan for though, so this is probably lower
> priority.

I am considering running an exit relay. I have a software firewall to
stealth ports (ICMP, TCP, etc) and I assume "filter" is synonymous with
"stealth"?

When I enable my relay (cable Internet connection) I will most likely
use BandwidthRate of 1048576kb and a BandwidthBurst of 2097152kb. Does
this mean my node is more susceptible to this attack? Also, I have the
bandwidth to set BandwidthRate of 2097152kb and a BandwidthBurst of
4194304kb; would this larger rate be preferable?

> 2. Roger pointed out that clients can potentially protect themselves
> by setting 'BandwidthRate 25KB' and setting 'BandwidthBurst' to some
> high value, so that short lived streams will still get high capacity
> if it is available, but once streams approach the 10-20 minute lifetime
> needed for this attack to work, they should be below the detectable
> threshold.

What is considered a high BandwidthBurst setting?

> I think this is a somewhat ugly hack, and should probably
> be governed by a "High Security Mode" setting that would be
> specifically tuned to this purpose (and be a catching point for other
> hacks that protect against various attacks but at the expense of
> performance/usability).

Could you please elaborate on these other hacks? What other settings
should be used for those who prefer security/anonymity over
performance/usability? In your opinion what settings and actions
constitute a "High Security Mode"?

> All this aside, this is a very clever attack, and further evidence
> that we should more closely study capacity properties, reliability
> properties, queuing properties, and general balancing properties of
> the network.
>
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs

Thank you for your time and assistance,
-gojosan
--
[EMAIL PROTECTED]
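
Added example, not part of the original message and not Tor's own code: a simplified token-bucket model of the 'BandwidthRate 25KB' plus large 'BandwidthBurst' countermeasure quoted in point 2, showing that a short stream runs at link speed while a 10-20 minute stream averages close to the configured rate. The 5 MB burst size, the 500 KB/s spare capacity, the one-second ticks and the single greedy stream are assumptions made for illustration.

```python
"""Token-bucket model of BandwidthRate / BandwidthBurst (simplified)."""
KB = 1024
RATE = 25 * KB            # 'BandwidthRate 25KB' from the thread, in bytes/s
BURST = 5 * 1024 * KB     # assumed burst size (5 MB); the thread names no value
LINK = 500 * KB           # assumed spare path capacity in bytes/s


def per_second_bytes(duration_s, rate=RATE, burst=BURST, link=LINK):
    """Bytes one greedy stream moves in each one-second tick."""
    tokens = burst                            # bucket starts full
    sent = []
    for _ in range(duration_s):
        tokens = min(burst, tokens + rate)    # refill, capped at the burst size
        chunk = min(tokens, link)             # spend what the link can carry
        tokens -= chunk
        sent.append(chunk)
    return sent


def average_rate(duration_s, **kw):
    """Mean bytes/s over the whole lifetime of the stream."""
    return sum(per_second_bytes(duration_s, **kw)) / duration_s


def seconds_above_rate(horizon_s=3600, **kw):
    """How many ticks the stream spends above the configured rate."""
    rate = kw.get("rate", RATE)
    return sum(1 for b in per_second_bytes(horizon_s, **kw) if b > rate)


if __name__ == "__main__":
    for d in (10, 60, 600, 1200):
        print(f"{d:>5} s stream: {average_rate(d) / KB:7.1f} KB/s average")
    print("seconds spent above BandwidthRate:", seconds_above_rate())
```

A larger assumed burst lengthens the time spent at link speed and raises the long-run average, which is the trade-off behind the "what is a high value" question.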