Tor Open To Attack

kdawson posted more than 7 years ago | from the peeling-the-onion dept.

Security 109

An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."

109 comments

Well, not just that. (4, Interesting)

James_Duncan8181 (588316) | more than 7 years ago | (#18145700)

If the attacker advertises absolutely massive values (and hey, it's only a string) they can time out all of the packets and DoS the network too.

This actually makes me wonder if there is a military/intel datacentre that does this already.

Re:Well, not just that. (0, Funny)

Anonymous Coward | more than 7 years ago | (#18145924)

The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

Re:Well, not just that. (5, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#18145992)

The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

No, but the Chinese equivalent of the FBI probably cares a lot about what its citizens are doing on the net, and the ability of users living under hostile regimes to get unfettered network access is one of the goals of projects like Tor.

There are people with resources besides the NSA.

Re:Well, not just that. (2, Interesting)

Anonymous Coward | more than 7 years ago | (#18149316)

Exactly. I used to work for a spook house. If I described what lengths they went to keep data secret, people here on slashdot would offer me a nice tin foil hat and a pair of plastic unbreakable no-sharp-edge spoons to play with, and offer me a coat (with long sleeves that seem to buckle in the back). The thing to remember though, is that with all the technology we had, we had to assume that everyone else had at least as much. Pointing a laser at a window 2 miles away and receiving the reflection (non-visible part of the spectrum) and comparing the source with the reflection would give you a vibration ...created by sound outside the glass, but also by sound inside the room. A mic outside would pick up sound outside the glass, filter that and all you are left with is sound inside the room ...from 2 miles away. It was considered old technology 15 years ago. Now imagine a country with 1.1 billion people. Imagine that they aren't all Albert Einstein. Imagine only 1% are engineers. Imagine only half are willing to work for the government. Imagine only 1% of the available engineers are really gifted. 1 in 10 is an electrical engineer. That leaves you with 5500 really gifted electrical engineers working for the government of this country with 1.1 billion people. Could 5500 really gifted engineers create a device at least as good as what I have described? Think hard!

Re:Well, not just that. (4, Informative)

Wonko the Sane (25252) | more than 7 years ago | (#18146084)

The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

If [dailykos.com] only [commondreams.org] that was true [sldn.org] ...

Re:Well, not just that. (0)

Anonymous Coward | more than 7 years ago | (#18146434)

I would trust DailyKos about as much as I would trust Fox for any reliable, real news. Not saying the story isn't important, but consider the source/election fodder.

Re:Well, not just that. (1)

Wonko the Sane (25252) | more than 7 years ago | (#18146552)

I would trust DailyKos about as much as I would trust Fox for any reliable, real news. Not saying the story isn't important, but consider the source/election fodder.

That's true, but there are enough of these stories floating around from different sources that it's safe to just pick some random examples.

I actually think the OP's reasoning is flawed in that he assumed that the government behaves in a rational manner. Just because it doesn't make any sense to a sane person for the NSA to worry about the TOR project doesn't automatically mean the government won't throw millions of dollars at the project.

Re:Well, not just that. (1)

jfengel (409917) | more than 7 years ago | (#18146936)

That's true, but there are enough of these stories floating around from different sources that it's safe to just pick some random examples.

Can I have a ride on the flying saucer, then?

(Or, to pick another snarky comment, the plural of anecdote != data).

Re:Well, not just that. (1)

Wonko the Sane (25252) | more than 7 years ago | (#18147082)

It's more than just anecdotes, if you bother to look.

I honestly didn't think it was that controversial, more along the lines of common knowledge. Everyone knows the US government has gone insane [slashdot.org], don't they?

Re:Well, not just that. (1)

MechaStreisand (585905) | more than 7 years ago | (#18148214)

If you examine that link more carefully, you'll see that that was the Florida government, not the US one. (It is indeed insane, though.)

Re:Well, not just that. (0)

Anonymous Coward | more than 7 years ago | (#18148998)

I worked for the US government for 8 years. They are just as insane.

Re:Well, not just that. (1)

zantolak (701554) | more than 7 years ago | (#18146654)

Of course there are going to be police at protests. Blending in with the crowd just makes it easier to take care of things if an incident occurs. Is this supposed to be surprising, scandalous, conspiratorial? Because it's not. It's perfectly logical to anyone with a lick of sense.

Re:Well, not just that. (2, Insightful)

bhsx (458600) | more than 7 years ago | (#18147422)

Of course there are going to be police at protests. Blending in with the crowd just makes it easier to take care of things if an incident occurs. Is this supposed to be surprising, scandalous, conspiratorial? Because it's not. It's perfectly logical to anyone with a lick of sense.
This is from the second link of the GP:

The officers hoist protest signs. They hold flowers with mourners. They ride in bicycle events. At the vigil for the cyclist, an officer in biking gear wore a button that said, "I am a shameless agitator." She also carried a camera and videotaped the roughly 15 people present. Beyond collecting information, some of the undercover officers or their associates are seen on the tape having influence on events. At a demonstration last year during the Republican National Convention, the sham arrest of a man secretly working with the police led to a bruising confrontation between officers in riot gear and bystanders.
Perfectly logical? Really?

Re:Well, not just that. (2, Informative)

TubeSteak (669689) | more than 7 years ago | (#18146042)

If the attacker advertises absolutely massive values (and hey, it's only a string) they can time out all of the packets and DoS the network too.
Wouldn't that only last as long as [max client timeout]?
At which point the client seeks another route. Right?

What I'm saying is that I don't think this would be effective with only one or two nodes.
Though on a larger scale, I agree that this tactic could effectively DOS the network.

Re:Well, not just that. (1)

DJCacophony (832334) | more than 7 years ago | (#18152762)

At which point the client would time out, and pick a new route at random, which could very well be through the node doing the DoSing, if the idea is implemented correctly.

COMSEC, not SIGINT (4, Interesting)

dr.badass (25287) | more than 7 years ago | (#18146138)

This actually makes me wonder if there is a military/intel datacentre that does this already.

Probably, but not for the reasons you think. Tor is known to be used by the military (how much is anybody's guess) for the same reasons anybody else would use it.

Re:COMSEC, not SIGINT (5, Funny)

hotdiggitydawg (881316) | more than 7 years ago | (#18146416)

Tor is known to be used by the military ... for the same reasons anybody else would use it.
Downloading pr0n?

Re:COMSEC, not SIGINT (0)

Anonymous Coward | more than 7 years ago | (#18151426)

Dude, have you tried to download p0rn via tor? It's too slow for that sort of thing. I want my P0rn now--while I'm ..... pre.... Not after 30 mins.

Re:COMSEC, not SIGINT (1)

mrogers (85392) | more than 7 years ago | (#18151094)

Using the network is a good way to monitor it [cam.ac.uk] : "The ability to route over the anonymous communication network, that anyone has, can be used to estimate the traffic load on specific Tor nodes accurately enough to perform traffic-analysis."

Re:Well, not just that. (1)

Alterion (925335) | more than 7 years ago | (#18146344)

No need: see numerous guides on how to use BitTorrent through TOR that turn it into the internet superhighway equivalent of a milkfloat

Re:Well, not just that. (1)

Yartrebo (690383) | more than 7 years ago | (#18147446)

Considering how large a strain TOR puts on the system vs. straight P2P, I'd only use it for very high risk stuff. In the current climate, your average illegal downloads/uploads just don't cut it (1 in 10M chance of getting caught, and the punishment is nowhere near what you get for things like political dissent in some places). Perhaps if the risk goes up it will be a worthwhile tradeoff though.

Re:Well, not just that. (0)

Anonymous Coward | more than 7 years ago | (#18148974)

For those like me that have no idea what a milk float was
http://en.wikipedia.org/wiki/Milk_float [wikipedia.org]

I for one.. (0)

Anonymous Coward | more than 7 years ago | (#18145702)

welcome our onion-sniffing overlords!

Re:I for one.. (3, Funny)

slashbob22 (918040) | more than 7 years ago | (#18145916)

I for one cry for our new onion-sniffing overlords.

Can you see what I see??? (-1, Troll)

MrShaggy (683273) | more than 7 years ago | (#18145704)

Peek-a-boo!

Re:Can you see what I see??? (0)

Anonymous Coward | more than 7 years ago | (#18145832)

Budget Value Weiners?

Tor Not Happy! (0)

Anonymous Coward | more than 7 years ago | (#18145710)

Tor find this NOT FUNNY [answers.com] !!!

Time for go to bed!! (0)

Anonymous Coward | more than 7 years ago | (#18145854)

n/t

fp troll (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18145716)

trolling

Re:fp troll (1, Funny)

IAmGarethAdams (990037) | more than 7 years ago | (#18145742)

It's not really a troll, a troll is designed to draw a hostile reaction.

Level of effort doesn't justify the reward. (1)

crow_t_robot (528562) | more than 7 years ago | (#18145740)

whoopdedoo.

Not quite so oblig SW reference.. (2, Funny)

SocialEngineer (673690) | more than 7 years ago | (#18145752)

"I felt a great disturbance in the Internet, as if millions of child-pornographers suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened."

Now now, I know Tor isn't just used for naughty stuff. I just thought it was funny. Sorta.

Re:Not quite so oblig SW reference.. (4, Informative)

Ice Wewe (936718) | more than 7 years ago | (#18145838)

Seriously, this is why Tor tells you at the start that you shouldn't rely on it for strong anonymity.

"Feb 25 16:16:02.628 [notice] Tor v0.1.1.xx. This is experimental software. Do not rely on it for strong anonymity."

Thus proving, once again, that Tor is only for the Quasi-anonymous group.

Re:Not quite so oblig SW reference.. (1)

dr.badass (25287) | more than 7 years ago | (#18146098)

Tor tells you at the start that you shouldn't rely on it for strong anonymity.

Tor also tells you to not use it for BitTorrent, but clueless Diggers continue to do so.

welcome to the watchlist (2, Funny)

twitter (104583) | more than 7 years ago | (#18145840)

So, ze kiddie porn is on vor mind, eh Social Engineer? Very interesting. Who besides grandstanding politicians, media whores and actual pedophiles actually thinks or talks about kiddie porn? You must be one of the bag guys. The FBI vill be watching everything you do for the next ten years.

Re:welcome to the watchlist (1)

Faylone (880739) | more than 7 years ago | (#18148394)

Can posting on slashdot count as being a media whore? Damn I hope not.

Re:welcome to the watchlist (-1, Troll)

twitter (104583) | more than 7 years ago | (#18149162)

Can posting on slashdot count as being a media whore? Damn I hope not.

You are only a whore if you don't like being here, but do it anyway because someone is paying you. Here's a short list of people who hate Slashdot but post prolifically anyway:

There are plenty of others and they are easy to identify because they keep saying the same things: M$ rules, free software sucks and Slashdot sucks.

Re:welcome to the watchlist (1)

Macthorpe (960048) | more than 7 years ago | (#18151238)

Hate is such a strong word. You're also entirely wrong, as per usual.

There are plenty of others and they are easy to identify because they keep saying the same things: M$ rules, free software sucks and Slashdot sucks.

I look forward to you finding where I said any of those things at any point. I'll be waiting, as usual, for any sign of a coherent argument from you.

Re:welcome to the watchlist (0, Flamebait)

jb.hl.com (782137) | more than 7 years ago | (#18151470)

ELL OH ELL.

Erm, "free software sucks"? I've coded some free software (a tiny useless piece of public domain stuff, but still) before, released it, got it put into the Debian archive (yes, you can apt-get a tiny little piece of jb.hl.com now. Get you paranoid yet?). I use Firefox, OpenOffice.org, Thunderbird and the GIMP almost daily, and up until recently used Linux pretty much full time. What planet are you on? Microsoft don't rule, they do a lot of suspect things, I just find Windows to be the best platform available for what I want to do, and they're certainly undeserving of the kind of irrational hatred you specialise in.

I don't hate Slashdot. I just don't like you. Get that, Twit? I don't like you, or your FUD, or your baseless accusations, or your bizarre messianic complex. The fact you seriously think a multi-billion dollar corporation is sending footsoldiers out to get you because you post bad things about them on Slashdot is testament to your utter lunacy. It is not Slashdot I dislike, it is you personally. Got that? Good.

Another hearty LOL at you for posting that link to you annotating my comments again. You do realise it's all bullshit, and anyone reading the comments can see as such, don't you? I hope so.

Re:welcome to the watchlist (0)

Anonymous Coward | more than 7 years ago | (#18153242)

Apparently, you need to post 10 or so comments from someone in a truly shit attempt to discredit them.

For you, only one is needed. [slashdot.org] You know, because you're a racist, idiotic, ranting, arrogant cockslap who would love to see Linux take over the world but has no fucking idea of how the world actually works.

Chinese Dissidents (1)

davidwr (791652) | more than 7 years ago | (#18146088)

Don't forget the Chinese Dissidents.

In Soviet Russia... (2, Funny)

Anonymous Coward | more than 7 years ago | (#18145780)

In Soviet Russia, Tor attacks YOU!

Re:In Soviet Russia... (0)

Anonymous Coward | more than 7 years ago | (#18146822)

Seems like some Slashdot bandwidth could be saved by posting the jokes more efficiently...

In Soviet Vista, insensitive overlords cluster YOU!

...Now what did I miss?

Re:In Soviet Russia... (0)

Anonymous Coward | more than 7 years ago | (#18148268)

Umm... the GNAA sodomizing grits-filled goatse man with a petrified penis bird while netcraft confirms the jews are killing BSD... oh, you don't read at -1?

Re:In Soviet Russia... (0)

Anonymous Coward | more than 7 years ago | (#18147246)

You don't have to say it. We are all thinking it!

Re:In Soviet Russia... (1)

Cyberax (705495) | more than 7 years ago | (#18149100)

It's funny, but there's a Russian anti-air missile 'Tor-M1' ( http://www.defense-update.com/products/t/tor.htm [defense-update.com] ).

So you're not far from truth :)

How Many Nodes Do You Need to Own? (4, Insightful)

quanticle (843097) | more than 7 years ago | (#18145808)

"We show that even if an adversary can control a few malicious nodes -- 3 to 6 with a PlanetLab network of 60 honest servers -- the adversary can still compromise the identity of a significant fraction of the connections from new clients."

3 to 6 servers out of 60 is still 5 to 10 percent. That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible. Does this attack require the number of nodes to scale with network size?

Re:How Many Nodes Do You Need to Own? (1)

Roger Wilcox (776904) | more than 7 years ago | (#18145908)

That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible.

No amount of surveillance is infeasible for a determined government.

Re:How Many Nodes Do You Need to Own? (1)

hjf (703092) | more than 7 years ago | (#18146112)

Yeah, the UK is proving that what you said is true. Sad but true.

Re:How Many Nodes Do You Need to Own? (3, Interesting)

TheRaven64 (641858) | more than 7 years ago | (#18145960)

It doesn't tell you anything meaningful unless it tells you what the requirements on the distribution of the nodes are. You could, hypothetically, run a few thousand tor nodes on a single machine. Would this allow you to compromise a network of a few tens of thousands of nodes?

Re:How Many Nodes Do You Need to Own? (1)

Splab (574204) | more than 7 years ago | (#18147020)

Except you need to convince the nodes to use the same IP for all hops. A TOR client should spread its hops throughout the available / advertised nodes. Also this attack isn't exactly new, timing weaknesses have been known for as long as the network has been around I should think (it's in the white paper). Granted their approach is somewhat new, but TOR has never claimed to provide strong anonymity, you need something like Herbivore for that.

Re:How Many Nodes Do You Need to Own? (2, Interesting)

mrogers (85392) | more than 7 years ago | (#18150706)

TOR has never claimed to provide strong anonymity, you need something like Herbivore for that.

Herbivore isn't vulnerable to traffic analysis but it's vulnerable to DoS: the attacker's nodes follow the secure entry protocol and get assigned to random cliques. Then they transmit in every round, jamming communication within their cliques. Jamming doesn't require any more bandwidth than normal participation in the protocol, and the source of the jamming can't be detected because communication within a clique is completely anonymous. With cliques of 128 nodes, an attacker who controls 1% of the nodes can jam 72% of the cliques at any given time. If the innocent nodes move to different cliques to escape the jamming, the attackers can move too.

Re:How Many Nodes Do You Need to Own? (0)

Anonymous Coward | more than 7 years ago | (#18148422)

But that's fairly easy to defend against, the selection algorithm already picks hosts on different networks, so you would need to have 1000s of IPs on different networks on the same box. A non-trivial attack to say the least. You would also find people hopping off your node in short order, because it would... be.... S-L-O-W.

Re:How Many Nodes Do You Need to Own? (2, Informative)

mrogers (85392) | more than 7 years ago | (#18150656)

That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible.
Tor scales to a few hundred nodes [noreply.org], but it doesn't scale indefinitely - all the routers are listed in a central directory [seul.org] to ensure that all clients use the same set of routers and the same set of public keys.

Re:How Many Nodes Do You Need to Own? (1)

quanticle (843097) | more than 7 years ago | (#18152906)

"Tor scales to a few hundred nodes, but it doesn't scale indefinitely"

Okay. I understand now. Because Tor can only scale up to a few hundred nodes, you only need ten or twenty compromised nodes to effectively monitor the entire network.
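
Added example (not from the thread or the paper) for the question this sub-thread raises: in a simplified model where a client picks two distinct relays with probability proportional to advertised, unverified bandwidth, the chance that both circuit ends belong to one operator follows that operator's share of advertised bandwidth rather than its node count. The bandwidth figures, the cap value and all function names are constructed assumptions, and real Tor path selection has further rules that this model ignores.

```python
"""Simplified model of bandwidth-weighted relay selection (added example).

Assumption: a client picks an entry relay and a different exit relay, each
with probability proportional to the bandwidth the relay advertises about
itself. Nothing is measured or verified by the client.
"""


def both_ends_controlled(honest_bw, claimed_bw):
    """Exact probability that entry and exit both belong to one operator.

    honest_bw  -- advertised bandwidth of each honest relay
    claimed_bw -- advertised bandwidth of each relay run by that operator
    """
    total = sum(honest_bw) + sum(claimed_bw)
    claimed_total = sum(claimed_bw)
    p = 0.0
    for w in claimed_bw:
        p_entry = w / total                          # this relay drawn first
        p_exit = (claimed_total - w) / (total - w)   # another of the operator's relays drawn second
        p += p_entry * p_exit
    return p


def advertised_share(honest_bw, claimed_bw):
    """Fraction of all advertised bandwidth that comes from the operator."""
    return sum(claimed_bw) / (sum(honest_bw) + sum(claimed_bw))


def cap_claims(bw, cap):
    """Mitigation sketch: believe at most `cap` of any self-reported value."""
    return [min(b, cap) for b in bw]


def scenarios():
    """Constructed scenarios; bandwidth units are arbitrary (say KB/s)."""
    honest_60 = [100] * 60
    honest_600 = [100] * 600
    cases = [
        ("60 honest, 3 truthful relays", honest_60, [100] * 3),
        ("60 honest, 3 inflated claims", honest_60, [10000] * 3),
        ("60 honest, 6 inflated claims", honest_60, [10000] * 6),
        ("600 honest, 3 inflated claims", honest_600, [10000] * 3),
        ("60 honest, 3 inflated, claims capped at 200",
         cap_claims(honest_60, 200), cap_claims([10000] * 3, 200)),
    ]
    return [
        (name, advertised_share(h, m), both_ends_controlled(h, m))
        for name, h, m in cases
    ]


if __name__ == "__main__":
    for name, share, p in scenarios():
        print(f"{name:45s} share={share:6.1%}  both ends={p:6.2%}")
```

In this model, growing the honest network tenfold lowers the figure only because the inflated claims become a smaller share of the total, and capping what the client believes has a far larger effect than adding honest relays.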

good (0)

Anonymous Coward | more than 7 years ago | (#18145830)

we need to attack child pornographers and irc abusers who hide behind tor
possibly a pre-emptive strike before they overrun tor

Filtering? (1)

roguegramma (982660) | more than 7 years ago | (#18146838)

Would it be possible for a tor exit node to apply automatic filters to requests and replies so that the usefulness for illegal porn and criminal activity is reduced?

Re:Filtering? (1)

Yartrebo (690383) | more than 7 years ago | (#18147486)

Why not filter queries with the words 'democracy' and 'human rights' while we're at it? I'm sure that the Chinese government would agree with me.

Re:Filtering? (1)

roguegramma (982660) | more than 7 years ago | (#18147586)

Why not, if the Tor exit node was provided by the Chinese, then why shouldn't it block requests for democracy? I'm not proposing central filtering, but responsibility for your server.

Anonymity Vs Performance in Multi-Hop Networks... (5, Interesting)

Roger Wilcox (776904) | more than 7 years ago | (#18145866)

...is really what the article is about. Granted, I only read the abstract, but someone here at /. seems too intent on making a dramatic headline out of this.

It has been known for some time that anyone with the resources to do so could launch an end-to-end attack on Tor. That someone with relatively few resources could launch the same attack is newsworthy, perhaps, but far more interesting is the observation that optimizing network traffic flow in order to improve performance is the direct cause of this weakness.

WTFITOREH? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18145910)

I hate to point this out, but to anyone not in the know, the acronym TOR means absolutely NOTHING. Why post a warning about something if you do not explain the acronym? WHAT THE HELL IS WITH THE EXCESSIVE ACRONYMS? You all afraid to speak a fully qualified language or are you all afraid someone might notice you have no idea what the hell you're talking about? How about expanding on the acronyms a bit eh?
Thanks.

Re:WTFITOREH? (1)

Wonko the Sane (25252) | more than 7 years ago | (#18146034)

There are possibly more productive solutions [justfuckinggoogleit.com] to your problem than anonymous ranting on slashdot.

Re:WTFITOREH? (0, Flamebait)

gtall (79522) | more than 7 years ago | (#18146202)

Hey fucktard, it stands for The Onion Router...get it?

Gerry

Re:WTFITOREH? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18147670)

And what exactly is an ONION ROUTER?
Just because you don't have a life and know every fucking thing there is to know about computers doesn't mean lowly little human beings like me, who do actually have more of a social life, and definitely more social skills, would know it. As I was saying in my original post, if people wouldn't assume everyone knew what the heck they were talking about and used obscure acronyms that were not recognizable by anyone other than those in the industry
(and yes I googled it but it was just as vague an answer as what you gave me.)

Re:WTFITOREH? (2, Insightful)

Nasarius (593729) | more than 7 years ago | (#18146298)

Come on, if you're going to troll, at least put some effort into it. Nowhere in the summary is it mentioned that Tor is an acronym. It's not written as TOR. Those ignorant of the project would assume that it was just a silly name.

Re:WTFITOREH? (1)

anagama (611277) | more than 7 years ago | (#18146382)

If you don't know what tor is, and can't RTFG, you don't belong on slashdot.

Re:WTFITOREH? (3, Insightful)

Ephemeriis (315124) | more than 7 years ago | (#18146388)

I hate to point this out, but to anyone not in the know, the acronym TOR means absolutely NOTHING. Why post a warning about something if you do not explain the acronym? WHAT THE HELL IS WITH THE EXCESSIVE ACRONYMS? You all afraid to speak a fully qualified language or are you all afraid someone might notice you have no idea what the hell you're talking about? How about expanding on the acronyms a bit eh?
Thanks.

To anyone not in the know, the fact that the TOR protocol has a weakness means absolutely NOTHING regardless of whether they know what TOR stands for or not.

Granted, there is such a thing as TLA-overload...but I don't think this is it. If you don't know that TOR stands for The Onion Router, then why the hell do you care whether it is vulnerable to attack or not? You obviously aren't using it... You don't care about the technology or implementation... You are apparently not even curious enough to Google it... So why bother clicking through to post such a rant?

Could this be avoided? (4, Informative)

DogDude (805747) | more than 7 years ago | (#18145914)

From what I can tell, it sounds like an attack can be either minimized or avoided completely if there are enough "server" nodes in the network. The "server" nodes, or the nodes that are exposed to the potential naughtiness, are always in short supply due to people understandably not wanting the FBI to show up to their door, hauling them off to Guantanamo Bay for a round of government-sanctioned torture. The thing is, for the time being, we're seeing a proliferation of completely open (untraceable) wireless networks that could potentially solve this problem. If a relatively large number of geeks were to throw a machine at their local free wireless connections, then they could potentially help out the TOR network for people who don't have access to such an "open" network. Now, we will eventually see these wide open free-for-alls shut down once the feds get their heads out of their asses and start taking Net-based crime seriously. But for the time being, we should all pitch in and take advantage of these networks while we've got 'em. I'm working on putting together a few Frankenstein PC's now and they'll be sitting within range of my town's wireless network, and they'll be routing TOR traffic. If somebody does some truly nasty stuff, and it comes out via one of my TOR nodes, then all the federales will be able to see will be the MAC addresses of my network cards, and have no idea where to find said network cards on the wireless network.

Re:Could this be avoided? (1)

Raven42rac (448205) | more than 7 years ago | (#18145958)

Triangulation.

Re:Could this be avoided? (1)

DogDude (805747) | more than 7 years ago | (#18145994)

Can you use triangulation if your PC can see only one node on the wireless network? I would think that all the feds would know is that the traffic is coming from MAC address xxx, and it's somewhere in the radius of NAP x. In a city, that could be any one of hundreds or thousands of private homes and businesses, not to mention cars just moving through the area...

Re:Could this be avoided? (3, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#18146072)

Well, if they knew the access point you were using (based on the IP address, which they'd then take to the ISP and demand to know the customer address), they'd just go down there and sniff packets for your MAC address. It's fairly trivial at that point to determine the direction that the radio signals are coming from. (There are guys that do it as a hobby [aol.com].)

Probably your best bet would be to use a spoofed MAC address, and change both the AP you connect to, the MAC address you report, and the PC's physical location, on a regular and frequent basis. That would make it difficult to determine whether you were a single location that's moving a lot and using different MAC addresses, or were multiple computers each just using the AP periodically.

Still, there's no foolproof way to avoid discovery against an omnipotent adversary.

Re:Could this be avoided? (1)

DogDude (805747) | more than 7 years ago | (#18146444)

Still, there's no foolproof way to avoid discovery against an omnipotent adversary.

Thanks for ruining my day.

Obviously, I'm not doing anything illegal (otherwise, I'd be posting as an AC), but there's a lot to be said for people being able to be truly anonymous in a public space (such as no fear of retaliation by a potentially hostile/oppressive government).

Oh well. I guess that if somebody has to do something online and be truly anonymous, they can still drive to one of these open networks that is not near their home or job, do their thing, and leave. People do that all of the time with this network, already.

Re:Could this be avoided? (2, Insightful)

Kjella (173770) | more than 7 years ago | (#18146492)

Omnipotence is hardly required. "Moving it around" doesn't happen on the same timescale as tracking it down, I'm sure it'd only take a few minutes with pro gear and at least two listening posts to cross-reference. Generating a new MAC from time to time then reconnecting would probably work just fine though, so that when they come for the old MAC address it's no longer broadcasting. Basically, if it's still active when they come looking, you've pretty much already lost.

Re:Could this be avoided? (1)

frdmfghtr (603968) | more than 7 years ago | (#18146176)

Your PC is talking back and forth with access point A, but your signal is reaching B and C as well, which are just acting as listening posts. Now, your packets arrive at A, B, and C, which talk to each other and figure out the time differential of your packets reaching each point. B and C know what to listen for, because A is telling them.

Based on the time differentials, your position is narrowed down.

Your PC can only see one, but that's because the others aren't talking to you.

No, I don't know the details, but it seems feasible.

Re:Could this be avoided? (2, Informative)

kennygraham (894697) | more than 7 years ago | (#18146082)

then all the federales will be able to see will be the MAC addresses of my network cards, and have no idea where to find said network cards on the wireless network.

Unless you purchased your network card on a credit card at a place that scans the MAC address along with the UPC when they ring you up, like CompUSA does. (to make sure you don't return a different network card for a refund)

Re:Could this be avoided? (1)

gsn (989808) | more than 7 years ago | (#18146740)

That old thing... I sold that on eBay years ago. And made a profit. (And then they set the IRS on you for not paying income tax on it).

Also, try changing [google.com] your MAC address to something like 66-75-6B-6F-66-66.

Re:Could this be avoided? (1)

The MAZZTer (911996) | more than 7 years ago | (#18147768)

You can change the MAC address on many (if not all) cards. My college has an automatic program running that blocks your MAC if you take up too much bandwidth. It didn't unban me automatically after a day like it should have so I changed my MAC address and hopped right back on the network.

Re:Could this be avoided? (1)

The MAZZTer (911996) | more than 7 years ago | (#18147808)

Oh yeah, I should make it clear this is through driver software, and not just via a linux terminal.

On Windows, right click Network [Neighborhood] and click Properties. Vista users need to click "Manage Network Connections" next. Then right click the network connection of the adapter you want to change the MAC address of, then continue past the UAC prompt if you use Vista. Click Configure to get to the network card settings. Go to the Advanced tab. If your card supports it there will be a Network Address value. It's a 10 digit hexadecimal number. If the textbox is blank, you can view your default at the command line with ipconfig /all under "Physical Address". Mine is 000C7609A2A9. You can't just put any number (I'm not sure of the rules, maybe the first four digits have to be 000C or something) but simply adding or subtracting a small value to that works.

Re:Could this be avoided? (1)

user no. 590291 (590291) | more than 7 years ago | (#18148408)

But by the time you've booted and made that change, you've already sent out oodles of packets during the boot process. Might want to make those edits in a Faraday cage or something. Better yet, buy a used wireless NIC for cash and use that.

Re:Could this be avoided? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18148416)

Mine is 000C7609A2A9. You can't just put any number (I'm not sure of the rules, maybe the first four digits have to be 000C or something) but simply adding or subtracting a small value to that works.

The first 6 digits are the manufacturer. (minus a bit or two) Your NIC was made by MSI.
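The "bit or two" mentioned above are the two low-order bits of the first octet: the group (multicast) bit and the locally-administered bit defined by IEEE 802. The following is an added example, not part of any post in this thread, showing how a network monitor can read them; the function names are hypothetical, the only vendor mapping is the one stated in the comment above, and the multicast sample address is constructed.

```python
import re

# OUI -> vendor; the single entry is the mapping stated in the thread.
KNOWN_OUIS = {"000C76": "MSI"}

def parse_mac(text):
    """Return the six octets of a MAC written with or without separators."""
    digits = re.sub(r"[-:.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    octets = parse_mac(text)
    first = octets[0]
    multicast = bool(first & 0x01)  # I/G bit: 1 = group address
    local = bool(first & 0x02)      # U/L bit: 1 = locally administered
    oui = octets[:3].hex().upper()
    return {
        "oui": oui,
        "multicast": multicast,
        "locally_administered": local,
        # The OUI identifies a vendor only when the address is universal.
        "vendor": None if local else KNOWN_OUIS.get(oui, "unknown"),
        # A group address is not valid as a station's own source address.
        "usable_as_source": not multicast,
    }

def flag_not_burned_in(macs):
    """Addresses whose bits show they cannot be a factory-assigned station MAC."""
    flagged = []
    for mac in macs:
        info = classify_mac(mac)
        if info["locally_administered"] or info["multicast"]:
            flagged.append(mac)
    return flagged

# Sample input: two addresses quoted in the thread, one derived from the
# first by adding 1, and one constructed multicast address.
SAMPLE = ["000C7609A2A9", "66-75-6B-6F-66-66", "000C7609A2AA", "01:0C:76:09:A2:A9"]

if __name__ == "__main__":
    for mac in SAMPLE:
        print(mac, classify_mac(mac))
    print("flagged:", flag_not_burned_in(SAMPLE))
```

The address obtained by adding a small value keeps the vendor OUI and both bits clear, so this check does not flag it; the bit test only catches addresses that declare themselves locally administered or group addresses.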

Re:More Info Please (0)

Anonymous Coward | more than 7 years ago | (#18146104)

How do you hide the computers? How do you keep them from getting wet? What are Frankenstein PC's? How do you supply power to these computers?

Re:Could this be avoided? (1)

Watson Ladd (955755) | more than 7 years ago | (#18146232)

Considering the US Navy supports Tor I don't think that is likely.

Re:Could this be avoided? (1)

Kopretinka (97408) | more than 7 years ago | (#18147018)

It's wireless, that means it's radio. You can find a radio transmitter, especially if it keeps transmitting. I expect it's doable, by the strength of the signal, possibly by the direction from which it comes (with a directional antenna), add triangulation. Surely the feds could do it if they care.

There should be some amendments to some crucial constitutions to guarantee that there should be no laws (and therefore state action) against anonymous and encrypted communication.

Loki will be pleased (0)

Anonymous Coward | more than 7 years ago | (#18145936)

Oh wait that would be Thor. Never Mind.

Tor open to attack? (0)

Anonymous Coward | more than 7 years ago | (#18146070)

Rob had better order the Orbots to unite as Mighty Orbots. That will be the only way to eliminate that vulnerability.

I'll bite (1)

Anonymous Coward | more than 7 years ago | (#18146100)

Who's Roger Dingledine?

easy fix (0)

Anonymous Coward | more than 7 years ago | (#18146190)

here's an easy fix, although could hurt your speed / other issues
"technically, the compromised nodes are the entry and exit nodes"

ExcludeNodes nickname,nickname,...

EntryNodes nickname,nickname,...

ExitNodes nickname,nickname,...

HttpsProxy host[:port]
    Tor will make all its OR (SSL) connections through this host:port (or host:443 if port is not specified), via HTTP CONNECT rather than connecting directly to servers. You may want to set FascistFirewall to restrict the set of ports you might try to connect to, if your Https proxy only allows connecting to certain ports.

Constant data stream (3, Interesting)

ishmalius (153450) | more than 7 years ago | (#18146252)

Some military broadband links send a constant stream of encrypted data, whether real data or filler. This "hiding in plain sight" reduces the ability of someone to perform traffic analysis on the network in precisely such a manner. This would be awful on the Net, of course, if everyone did it. But people should be aware that encryption is not the only facet of communications security that they need to worry about.

Even if you can't become both the entry/exit... (4, Interesting)

twistah (194990) | more than 7 years ago | (#18146286)

Even if you aren't able to become both the entry and exit node, using the technique of faking your bandwidth/uptime can lead to more traffic for your exit node, which means more passwords to sniff. Not everyone seems to realize that just because the Tor protocol is encrypted doesn't mean the exit node can't sniff unencrypted traffic. Granted, the exit node has no idea where the traffic came from, but often information such as login information for a personal account can give that away. That's even better than having just an IP. All it takes is to set yourself up as a Tor node (the uptime/bandwidth faking helps) and run a tool like Cain or dsniff.
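The risk described in the summary and in the comment above can be quantified with a simplified model, given here as an added example that is not from the paper or from Tor's code. It assumes entry and exit are two distinct relays, each picked with probability proportional to the bandwidth the directory believes; the relay counts, bandwidth figures and the `cap` parameter (a hypothetical ceiling on any unverified claim) are constructed.

```python
def believed(advertised_kbps, cap=None):
    """Bandwidth the selection algorithm uses for a relay's self-reported claim."""
    return advertised_kbps if cap is None else min(advertised_kbps, cap)

def attacker_exposure(relays, cap=None):
    """relays: list of (advertised_kbps, is_attacker) tuples.

    Returns (share, both_ends):
      share     - fraction of single-hop selections landing on attacker relays
      both_ends - probability that entry and exit are both attacker relays
    """
    weights = [(believed(bw, cap), bad) for bw, bad in relays]
    total = sum(w for w, _ in weights)
    bad_weights = [w for w, bad in weights if bad]
    bad_total = sum(bad_weights)
    share = bad_total / total
    # Pick the entry relay, then the exit from the remaining relays.
    both_ends = sum(
        (w / total) * ((bad_total - w) / (total - w)) for w in bad_weights
    )
    return share, both_ends

# Constructed network: 94 honest relays at 1000 KB/s plus 6 relays run by
# one operator, which claim whatever figure is passed in.
HONEST = [(1000, False)] * 94

def network(attacker_claim_kbps):
    return HONEST + [(attacker_claim_kbps, True)] * 6

if __name__ == "__main__":
    cases = [
        ("truthful claim", network(1000), None),
        ("inflated claim, trusted as-is", network(50000), None),
        ("inflated claim, capped at 1500", network(50000), 1500),
    ]
    for label, relays, cap in cases:
        share, both = attacker_exposure(relays, cap)
        print(f"{label:32s} share={share:.3f} both_ends={both:.4f}")
```

With unverified claims, 6% of the relays end up on both ends of more than half of the circuits in this model; bounding what an unverified claim is worth brings that back under 1%.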

No love for Freenet? (4, Funny)

makomk (752139) | more than 7 years ago | (#18146410)

Hmmm... I'm sure Freenet didn't get this much attention when they discovered that their encryption code was only actually encrypting half the data (128 bits out of every 256 bit word). Must be because no-one actually uses Freenet...

Re:No love for Freenet? (1)

DaleGlass (1068434) | more than 7 years ago | (#18148560)

That's interesting, do you have a link with details on that?

A casual googling didn't reveal anything, and I'm feeling really curious about how that happened.

Re:No love for Freenet? (0)

Anonymous Coward | more than 7 years ago | (#18150468)

You can find some about this in the project mailing lists, but the bloody details were only posted to Frost (the anonymous newsreading app for Freenet). Perhaps someone copied them to the wiki (look for pre-1010 keys).

Re:No love for Freenet? (2, Informative)

makomk (752139) | more than 7 years ago | (#18150590)

A casual googling didn't reveal anything, and I'm feeling really curious about how that happened.

As the above AC said, a lot of the discussion was on Frost, which doesn't have any publicly-accessible archives. You can find the mailing list thread here [freenetproject.org], though. In particular this [freenetproject.org] and this [freenetproject.org]

Of course, I'm not sure if this really matters that much; last I heard, Freenet was known to be vulnerable to man-in-the-middle attacks [freenetproject.org], and fixing it wasn't considered a priority...

Good Fucking Lord (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18146560)

Oh good Lord. It's not a group of "researchers", it's a bunch of undergrad hackers. Christ. Hackers != Researchers

Pffft (1)

incripshin (580256) | more than 7 years ago | (#18147480)

I learned about these attacks on Tor in my computer security class last semester. And we're making a big deal now? Maybe my comp sci professor should get some sort of award for discovering it first.

Existing Research (1)

Agoln (869166) | more than 7 years ago | (#18147740)

There is already a lot of existing research in the area. I recently attended a security seminar by CERIAS at Purdue University. They have a video [purdue.edu] discussing this same topic. There is already research going into how to thwart these attacks. From the abstract:

In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection.

About the speaker:

David Zage is a third year PhD student in the Computer Science Department at Purdue University under the supervision of Professor Cristina Nita-Rotaru.

Ok so... (1)

ghostbar38 (982287) | more than 7 years ago | (#18148796)

I have just configured my Tor and now you guys say it doesn't work? Did I take that long setting up everything? damn... :/

wonderful (1)

band-aid-brand (1068196) | more than 7 years ago | (#18148872)

Now people want to take a way to get around filters and FILTER it...

I think everyone saw this coming. (0)

Anonymous Coward | more than 7 years ago | (#18152340)

Tor has never really provided much "anonymity." In fact from what I've seen, the most frequent use of Tor is for people to pipe through another IP address to avoid bans/troll websites/flood IRC channels...the list goes on. Why do you think so many of the exit servers are banned from even connecting to a lot of sites/IRC servers?

I'm glad someone finally came out and exposed this piece of software as being a failure at what it intended to be.