[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Exit snooping 'research'



Thus spake Olaf Selke (olaf.selke@xxxxxxxxxxxx):

> Am 24.02.2011 08:45, schrieb grarpamp:
> 
> > There is NO way to detect passive monitoring unless you have access
> > to the monitor.
> 
> for each exit node I can set up a unique decoy email account one a
> machine controlled my myself, access it over unencrypted pop or imap
> sessions thru Tor and wait for a second login from a rogue exit operator
> trying to steal my mails. That's no rocket science.

There's also the approach described in section 5 of this paper, which
actually kind of clever, but might also catch things like intermediate
caching proxies. If we could figure out a way to get lots of random
black IP space and keep it secret, it would be a fun one to run
regularly:
http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
http://systems.cs.colorado.edu/~bauerk/papers/PETS08_slides.pdf

There's quite a few other side channels available if you can get on
the same ethernet segment as a sniffer, or on the same VM host as a
suspicious tor node.

Most of these techniques are also fairly easy to evade, if you try.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgphG839Yrdbb.pgp
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk