<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Feb 14, 2014 at 10:50 AM, Tom Ritter <span dir="ltr"><<a href="mailto:tom@ritter.vg" target="_blank">tom@ritter.vg</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">On 13 February 2014 22:35, Phillip Hallam-Baker <<a href="mailto:hallam@gmail.com">hallam@gmail.com</a>> wrote:<br>
> 1) The attacker controls multiple rendezvous points and<br>
> 2) The attacker controls multiple clients, using them to make contact<br>
> attempts and<br>
> 3) Traffic to the hidden service with the drug site is an appreciable<br>
> proportion of the total hidden service traffic<br>
><br>
> Then, a timing attack seems very likely to reveal the IP address of the exit<br>
> node for the hidden service which can then be unrolled in turn.<br>
<br>
</div>The RP is chosen by the client, so the attacker doesn't need to<br>
control those. When the HS contacts the RP, it's via a Tor circuit, so<br>
the RP doesn't learn the HS's actual IP, only the exit IP. This<br>
doesn't get you any closer to finding it though.<br>
<br>
The attacker needs to be come the entry point for a HS to perform a<br>
traffic confirmation attack. By sending lots of data to the HS from a<br>
client, the entry point can correlate that traffic being delivered to<br>
the connection, even if it can't read it.<br>
<br>
To protect against this attack, Tor uses Entry Guards:<br>
<a href="https://www.torproject.org/docs/faq#EntryGuards" target="_blank">https://www.torproject.org/docs/faq#EntryGuards</a> These aim to 'stick' a<br>
client (or HS) to a set of entry nodes. If you, the attacker is in<br>
that set - you're good to go. But if you're not, it's much more<br>
difficult for you to get _into_ that set.<br></blockquote><div><br></div><div>Again this is raising the cost of the attack, not preventing the really determined attacker.</div><div><br></div><div>Operating a low latency hidden service means allowing other people to direct packets in your direction. There are certainly ways of mitigating the risk of dox-ing the hidden server. But the effectiveness of those controls are going to depend on how visible the service is and how determined an attacker is to disclose its location. </div>
</div><br clear="all"><div>Underestimating the determination of the authorities to locate and destroy online drugs marketplaces seems to be a habit of these people. At this point there are more markets on the list of 'failed/scam' sites than are operating on the <a href="http://www.deepdotweb.com/">http://www.deepdotweb.com/</a> list.</div>
<div><br></div><div>It could be that they are all being found because they are making stupid mistakes like sending email which has to go outside the Tor system becauseof the spam controls. But it wouldn't surprise me if we later find that there are tens of thousands of NSA/GCHQ run nodes. The Snowden papers we have that express concern at the difficulty of Tor intercepts are rather old. Knowing that the NSA could not solve a problem due to lack of resources three years ago would make me conclude they now have the necessary resources rather than it isn't a problem.</div>
<div><br></div><div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>