Disguising a Tor node?

Eugen Leitl eugen at leitl.org
Fri Dec 15 05:10:13 PST 2006

On Fri, Dec 15, 2006 at 06:43:55AM -0500, Tyler Durden wrote:
> OK, more dumb questions about hiding a Tor node.

Not dumb at all, it's just the Tor designers went for a public approach.
However, as persecution seems to have started tightening thumbscrews on
Tor operators, a slide into illegality (and a redesign towards more
resilience) might be soon required. Of course, that's the whole idea
behind harassing Tor operators -- move them into a dark niche, where
they will be insigificant as providers of anonymity for the masses.

The criminals already have their zombie networks, and with even some
superficial mixing finding a head in a global 100 kNode cloud is practically
impossible. And I very much doubt anyone is seriously looking at all.
Now anything that might disrupt installation of the Panopticon is another
matter entirely. It's pretty obvious that a Second Great Depression
is at the doors, and the democracy is failing, so I'm guessing the
powers that be are preparing to intercept and quash the Internet
as a grassroot signalling layer for protesters (something like in
France, only not just immigrants, and on a vastly larger scale).

> Even though the current list of Tor node IP addresses is basically public,
> I'm not 100% convinced it woul have to be.

The client builds the circuit, so it has to know the entire list of
the nodes. The Tor server doesn't have any say in that matter, and that's
actually good because you can operate a Tor network with a high fraction
of Mallory nodes more or less safely.

> Well, exit and entry nodes perhaps have to be public, but what about nodes
> inside the cloud? OK, anything sent to one of those nodes by an edge node
> has to use a unencrypted IP address on the packet header, right? BUT, the
> same machines that house the Tor nodes could (and probably do, right?)
> house other services as well...a packet sent to the Tor node has to be sent
> to the right socket and layer 4 service. Right? And THAT can be encrypted,
> and probably already is by Tor nodes. (Now remember I'm not a datacom
> guy...)
> If the list of interior Tor nodes is encrypted and only machine-readable by
> other Tor nodes, AND if we have a few additional  services residing on the

I would be very surprised to learn that no TLAs are running nodes, or at
least tap nodes (when you run a colo, you don't have a lot of control about
physical security, so you have no idea whether there's a rootkit after
it comes up after a yet another "outage").

> same machines as the Tor nodess, then a packet sent to a machine housing a
> Tor node may or may not actually be going to a Tor node.

A much better idea is to make Tor a payload for a worm vector. I would
be very surprised if spammers wouldn't start building their private Tor
networks on zombies for control traffic, should persecution begin in
earnest. These IRC bots and channels are awfully public, and a couple
of trampolines is not sufficient number of indirection layers by far.

> If the operators of that machine are also unaware of the precise
> service-bundle existing on the machine (not unreasonable as long as someone
> is paying them for the consumed bandwidth) AND if packets destined for that
> machine can reasonably be said to be accessing a non-TOR service AND if the
> IP address list of interior TOR nodes is encrypted, is the Tor node now
> disguised? Seems to me it would be difficult for some  authorities to track
> down the location of some Tor nodes.

The best Tor node operator is the one who doesn't even know he's one.
A network of million zombies where two new arise for one stricken down is
effectively unkillable.

Btw, there's a Tor package for OpenWRT -- I have not verified it's
working as adverized however -- the hardware *is* a bit tight. It would a
disposable node, meshable, and with no wires to trace.

> Or am I missing something? Like I said, I'm no datacom guy, but hiding a
> Tor node deosn't seem impossible to me.

You'd need a redesign where servers with only partical network knowledge
can randomly redirect packets, while still unable to gnaw off all the
onion layers. Topologically, routing in random high-N spaces is not
However, the network better be of considerable size. Enter the worm.

Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list