Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Open To Attack

Posted by kdawson on from the peeling-the-onion dept.

An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."

3 of 109 comments (clear)

  1. Re:Not quite so oblig SW reference.. by Ice+Wewe · · Score: 4, Informative
    Seriously, this is why Tor tells you at the start that you shouldn't rely on it for strong anonymity.

    "Feb 25 16:16:02.628 [notice] Tor v0.1.1.xx. This is experimental software. Do not rely on it for strong anonymity."

    Thus proving, once again, that Tor is only for the Quasi-anonymous group.

  2. Could this be avoided? by DogDude · · Score: 4, Informative

    From what I can tell, it sounds like an attack can be either minimized or avoided completely if there are enough "server" nodes in the network. The "server" nodes, or the nodes that are exposed to the potential naughtiness, are always in short supply due to people understandably not wanting the FBI to show up to their door, hauling them off to Guantanamo Bay for a round of government-sanctioned torture. The thing is, for the time being, we're seeing a proliferation of completely open (untraceable) wireless networks that could potentially solve this problem. If a relatively large number of geeks were to throw a machine at their local free wireless connections, then they could potentially help out the TOR network for people who don't have access to such an "open" network. Now, we will eventually see these wide open free-for-alls shut down once the feds get their heads out of their asses and start taking Net-based crime seriously. But for the time being, we should all pitch in and take advantage of these networks while we've got 'em. I'm working on putting together a few Frankenstein PC's now and they'll be sitting within range of my town's wireless network, and they'll be routing TOR traffic. If somebody does some truly nasty stuff, and it comes out via one of my TOR nodes, then all the federales will be able to see will be the MAC addresses of my network cards, and have no idea where to find said network cards on the wireless network.

    --
    I don't respond to AC's.
  3. Re:Well, not just that. by Wonko+the+Sane · · Score: 4, Informative

    The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

    If only that was true...