Well, here's where my ignorance is revealed. But let me recall the 'threat scenario' in this case. MwGs don't like Tor networks, and set about trying to find the nodes and take them down. How do they do this? They can, perhaps, look at the IP addresses of packets they themselves shoot through the network, and then (theoretically) trace these back to the machines that sent the packets, presumably a Tor node. Or at least, they can do this for an exit node (or nodes). After finding an exit node, they can then contact the operator to locate the server and Tor node, and bludgeon them into taking it down. The operator probably won't be surprised, because they will have installed the Tor node, which presumably has all sorts of files named TOR.EXE, TOR_CLIENT.DLL, and so on. The only other way to tell they are running a Tor node is to see the other IP addresses coming in and going out, which presumably are other Tor nodes. Is that basically right?

What if, for instance, a Tor client sent out a whole buttload of IPs, some of which are Tor nodes, some of which aren't, in various cities (including, say, Fallujah)? Let's say also that the Tor package sent to an actual Tor node operator was disguised to look like some other innocuous service. Let's say also that there are plenty of fake non-Tor packets coming in and out of that node which don't lead to any Tor nodes at all. In that case, the local authorities would have to have some kind of subpoena (one would think) 'proving' to the operator that they indeed have a hated Tor node on one of their machines. They would also have to do this for a variety of nodes, perhaps even ones that aren't actually Tor nodes.

OK, farfetched. But possible? I'm a telecom guy, so what the hell do I know... -TD
From: Eugen Leitl <eugen@leitl.org> To: Tyler Durden <camera_lumina@hotmail.com>, cypherpunks@jfet.org Subject: Re: redgene might be gone Date: Mon, 11 Dec 2006 18:29:54 +0100
On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else?
If you're renting a colo server with a fixed IP, how would you disguise it as anything, or conceal it as anything else, if you have never even seen the machine in question?
Still no news on the trouble ticket. Either they're swamped, or the server has been really confiscated.
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE