On 08/28/2015 03:24 AM, grarpamp wrote:
> While reducing network traffic to various accounting schemes such as netflow may enable some attacks, look at just one field of it... bytecounting.
> Assume you've got a nice global view courtesy of your old bed buddies AT&T, Verizon, Sprint, etc and in addition to your own bumps on the cables.
> You know the IP's of all Tor nodes (and I2P, etc). So you group them into one "cloud" of overlay IP's. For the most part any traffic into that cloud from an IP on the left, after it bounces around inside, must terminate at another IP on the right.
> There are roughly 7000 relays, but because many of them are aggregable at the ISP/colohouse, peering and other good vantage point levels, you don't need 7000 taps to see them all.

[ etc, right on target AFAIK ]

Global observer attacks can be augmented by owning a substantial number of the routers: All hosted at one facility, but globally distributed via transparent VPN connections running on a variety of platforms all over the world. These router instances would be somewhat customized to facilitate manipulation of traffic via a purpose-built hypervisor with a plugin architecture for monitor functions. Since code names aren't supposed to be related to the named thing in any way, we can't call this Hydra.

In terms of real world threats, I think it's safe to say that TOR "Hidden Services" aren't very well hidden from motivated adversaries who can deploy global observation and/or global infiltration attacks: The persistence, fixed physical location and interactive availability of a hidden service makes it a fat, dumb, happy sitting target for any major State's military and police intelligence service that takes an interest in identifying the host and its operators IRL.

:o/