[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Is there a way to trace back Tor user

To: "Jianqiang Xin" <jqxin2006@xxxxxxxxx>
Subject: Re: [Full-disclosure] Is there a way to trace back Tor user
From: "Brendan Dolan-Gavitt" <mooyix@xxxxxxxxx>
Date: Thu, 15 Jun 2006 09:33:12 -0400

This is covered in the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c

The best attack that I know of right know involves measuring latency to each
Tor node and correlating that with transmissions at the destination server.
The latency goes up on those nodes carrying the traffic to the destination
server when that server is transmitting data, allowing the attacker to
determine the path through Tor (though not the original source of the
traffic). See "Low-Cost Traffic Analysis of Tor" for more details:

http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

If you're really desperate, you can also read Chapter 3 of my undergrad
thesis, which describes a few attacks on Tor :)

http://kurtz.cs.wesleyan.edu/~bdolangavitt/thesis/verbiage/tor-thesis.pdf

-Brendan

On 6/12/06, Jianqiang Xin <jqxin2006@xxxxxxxxx> wrote:


Regarding to recent debate about the use of Tor. Just wondering if it is
practical to trace back the user if he is using Tor to hide his origin. As
far as I know, there were several approaches using timing correlation to
trace back TCP connections. It seems that the technique is there but the
problem is the placement of monitors. Since the Tor servers are scatter
around the world and it is impractical to access  them all.  If in a perfect
world that you can monitor all the traffic of all Tor servers, you should be
able to trace back with high success rate.

Is there any better solutions? Thanks.

yours,
Michael


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: Is there a way to trace back Tor user
  - From: Bruno Wolff III

References:
- [Full-disclosure] Is there a way to trace back Tor user
  - From: Jianqiang Xin

Prev by Date: [Full-disclosure] Advisory: Authentication bypass in phpBannerExchange
Next by Date: [Full-disclosure] notepad oddatiy
Previous by thread: Re: [Full-disclosure] Is there a way to trace back Tor user
Next by thread: [Full-disclosure] Re: Is there a way to trace back Tor user
Index(es):
- Date
- Thread