OK, more dumb questions about hiding a Tor node. Even though the current list of Tor node IP addresses is basically public, I'm not 100% convinced it woul have to be. Well, exit and entry nodes perhaps have to be public, but what about nodes inside the cloud? OK, anything sent to one of those nodes by an edge node has to use a unencrypted IP address on the packet header, right? BUT, the same machines that house the Tor nodes could (and probably do, right?) house other services as well...a packet sent to the Tor node has to be sent to the right socket and layer 4 service. Right? And THAT can be encrypted, and probably already is by Tor nodes. (Now remember I'm not a datacom guy...) If the list of interior Tor nodes is encrypted and only machine-readable by other Tor nodes, AND if we have a few additional services residing on the same machines as the Tor nodess, then a packet sent to a machine housing a Tor node may or may not actually be going to a Tor node. If the operators of that machine are also unaware of the precise service-bundle existing on the machine (not unreasonable as long as someone is paying them for the consumed bandwidth) AND if packets destined for that machine can reasonably be said to be accessing a non-TOR service AND if the IP address list of interior TOR nodes is encrypted, is the Tor node now disguised? Seems to me it would be difficult for some authorities to track down the location of some Tor nodes. Or am I missing something? Like I said, I'm no datacom guy, but hiding a Tor node deosn't seem impossible to me. -TD
From: Lists <phlex_lists@meshmx.com> To: Tyler Durden <camera_lumina@hotmail.com> Subject: Re: Disguising a Tor node? Date: Thu, 14 Dec 2006 11:38:57 +0000
All TOR nodes can be found in the network directory of TOR.
http://moria.mit.edu:9031/tor/
With that list it is easy to find all official tor nodes on the planet. Skype, Wikipedia etc use that list to block access. And yes, this list has to be there. It is used by the TOR network itself so that nodes can find each other.
TOR is not exactly "censorship resistant".
-- phlex
Tyler Durden wrote:
Well, here's where my ignroance is revealed.
But let me recall the 'threat scenario' in this case.
MwGs don't like Tor networks, and set about trying to find the nodes, and take them down. How do they do this? They can, perhaps, look at the IP addressses of packets they themselves shoot through the network, and then (theoretically) trace these back to the machines that sent the packets, presumably a tor node. Or at least, they can do this for an exit node(s).
After finding an exit node, they can then contact the operator to locate the server and Tor node, and bludgeon them in totaking it down. The operator prrobably won't be surprised, because they will have installed the Tor node, which presumably has all sorts of files named, TOR.EXE, TOR_CLIENT.DLL, and so on. The only other way to tell they are running a Tor node is to see the other IP addresses coming in and going out, which presumably are other Tor nodes.
Is that basically right?
What if, for instance, a Tor client sent out a whole buttload of IPs, some of which are Tor nodes, some of which aren't, in various cities (including, say Fallujah). Let's say also that the Tor package sent to an actual Tor node operator was disguised to look like some other innocuous service. Let's say also that there are plenty of fake non-Tor packets coming in and out of that node which don't lead to any Tor nodes at at all.
In the case, the local authorities would have to have some kind of subpeona (one would think) 'proving' to the operator that they indeed have a hated Tor node on one of their machines. They would also have to do this for a variety of nodes, perhaps, even ones that aren't actually Tor nodes.
OK, farfetched. But possible? I'm a telecom guy so what the hell do I know...
-TD
From: Eugen Leitl <eugen@leitl.org> To: Tyler Durden <camera_lumina@hotmail.com>, cypherpunks@jfet.org Subject: Re: redgene might be gone Date: Mon, 11 Dec 2006 18:29:54 +0100
On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else?
If you're renting a colo server with a fixed IP, how would you disguise it as anything, or conceal it as anything else if you never ever even seen the machine in question?
Still no news on the trouble ticket. Either they're swamped, or the server has been really confiscated.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
_________________________________________________________________ Visit MSN Holiday Challenge for your chance to win up to $50,000 in Holiday cash from MSN today! http://www.msnholidaychallenge.com/index.aspx?ocid=tagline&locale=en-us
_________________________________________________________________ Talk now to your Hotmail contacts with Windows Live Messenger. http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://get...