>> Then what is the implication of border nodes always resetting Source to t= >hemselves? >>=20 >> I think that would bring to light that they are border-nodes between the = >open and the closed network. > >What alternative do you suggest?
- conceal infrastructure: make anything look like the border node initiated the request; reset DataSource to itself and use maxHTL or any other fixed value for that to cleanly separate the darknet from the opennet and the opennet from the darknet - don't interact with data: route but don't store returned data (from open->dark and dark->open) in the data store of the border node so it's not possible to probe the store for requests of either net >> Analysis could be done because those border nodes often route requests wi= >th an HTL < maxHTL (because the request went some time through the darknet)= > although they pretend to be the Source; correlation attacks (border nodes = >tend to have a higher correlation=20 > >We are talking about DataSource here. The node which answered, not the >one which queried. you're right if the request has no RequestSource or anything like that. >> "randomness" by previous darknet routing steps than nodes requesting the = >files all by themselves); network harvesting with connection analysis (an h= >arvested opennet node has X routes to other nodes, analysis would reveal th= >at this node has X connections to other=20 >> nodes; border nodes have X to opennet and Y to darknet, a harvesting woul= >d only find the X links but network analysis would reveal X+Y links -> bord= >er node, possible entry point into the darknet: now either send Those Guys = >or disconnect every border node found to=20 >> separate the smaller darknet from the well-known opennet) > >Possibly. Traffic analysis is a threat and always will be; it is easier >if they know of one node in the first place. The hope is that it is >expensive and tends to produce false alarms, especially if we use some >stego. yeah, but how to stego high volume, long lasting bi-directional UDP connections creating a mesh? Therefore packet-stego won't be sufficient (simulated database-cluster, NFS?, WebDAV, SOAP-RMI, FTP? or even a P2P protocol?)
