lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 15 14:33:20 2006 From: mooyix at gmail.com (Brendan Dolan-Gavitt) Subject: Is there a way to trace back Tor user This is covered in the Tor FAQ: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c The best attack that I know of right know involves measuring latency to each Tor node and correlating that with transmissions at the destination server. The latency goes up on those nodes carrying the traffic to the destination server when that server is transmitting data, allowing the attacker to determine the path through Tor (though not the original source of the traffic). See "Low-Cost Traffic Analysis of Tor" for more details: http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf If you're really desperate, you can also read Chapter 3 of my undergrad thesis, which describes a few attacks on Tor :) http://kurtz.cs.wesleyan.edu/~bdolangavitt/thesis/verbiage/tor-thesis.pdf -Brendan On 6/12/06, Jianqiang Xin <jqxin2006@...il.com> wrote: > > Regarding to recent debate about the use of Tor. Just wondering if it is > practical to trace back the user if he is using Tor to hide his origin. As > far as I know, there were several approaches using timing correlation to > trace back TCP connections. It seems that the technique is there but the > problem is the placement of monitors. Since the Tor servers are scatter > around the world and it is impractical to access them all. If in a perfect > world that you can monitor all the traffic of all Tor servers, you should be > able to trace back with high success rate. > > Is there any better solutions? Thanks. > > yours, > Michael > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060615/15987bef/attachment.html
Powered by blists - more mailing lists