lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu Jun 15 14:33:20 2006
From: mooyix at gmail.com (Brendan Dolan-Gavitt)
Subject: Is there a way to trace back Tor user

This is covered in the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c

The best attack that I know of right know involves measuring latency to each
Tor node and correlating that with transmissions at the destination server.
The latency goes up on those nodes carrying the traffic to the destination
server when that server is transmitting data, allowing the attacker to
determine the path through Tor (though not the original source of the
traffic). See "Low-Cost Traffic Analysis of Tor" for more details:

http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

If you're really desperate, you can also read Chapter 3 of my undergrad
thesis, which describes a few attacks on Tor :)

http://kurtz.cs.wesleyan.edu/~bdolangavitt/thesis/verbiage/tor-thesis.pdf

-Brendan

On 6/12/06, Jianqiang Xin <jqxin2006@...il.com> wrote:
>
> Regarding to recent debate about the use of Tor. Just wondering if it is
> practical to trace back the user if he is using Tor to hide his origin. As
> far as I know, there were several approaches using timing correlation to
> trace back TCP connections. It seems that the technique is there but the
> problem is the placement of monitors. Since the Tor servers are scatter
> around the world and it is impractical to access  them all.  If in a perfect
> world that you can monitor all the traffic of all Tor servers, you should be
> able to trace back with high success rate.
>
> Is there any better solutions? Thanks.
>
> yours,
> Michael
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060615/15987bef/attachment.html

Powered by blists - more mailing lists