The use of malicious botnets to disrupt The Onion Router

Ron Wireman ronwireman at gmail.com
Fri Feb 1 22:57:01 PST 2008


   It seems to me that we owe a lot to the roughly 1,500 people who donate
   their bandwidth to our project at any one time.  They give us a
   tremendous gift that allows us to participate in unpopular or even
   dangerous political speech and debate, to by-pass inappropriately
   restrictive filters, and to limit the amount of information about
   ourselves that we reveal to the organizations who run the Internet
   sites we access.  I don't wish to divulge some of the ways in which
   I've used tor to protect myself, but I'm sure all of you reading this
   list can think of many examples where it has assisted you in your own
   life and most of you use it on a frequent basis.  All of this comes at
   the cost of time and money from many volunteers who receive no benefit
   whatsoever from relaying your traffic for you.

   It seems to me, however, that even this gracious act of charity may be
   no match for the types of attacks we may be faced with as we become
   more popular and, as a result, more of a target. The number of users
   running tor nodes pales in comparison to the number of computers that
   may be in any one of the many individual botnets, which are groups of
   hijacked computers controlled in unison by a single entity.  The
   largest of these botnets ever discovered had over 1,000 times the
   number of nodes that tor does.  What happens when one of these botnets
   is commanded to join tor all at once and begin harvesting private
   data that people naively did not encrypt or, worse, replacing all
   pictures requested with goatse.jpg?  These and other malicious acts
   could easily take place, perhaps even perpetrated by a malevolent
   government entity, and would cause significant disruption to our
   router.

   We must take expedient measures to prevent this type of attack,
   because as of now, tor is quite vulnerable, perhaps even critically
   so.  The group of computers that make up the official Network Time
   Protocol pool, a network that is used to provide extremely accurate
   time synchronization for millions of computers around the world, has a
   manually administrated list.  Since it has about as many nodes on it
   as tor has, it suggests that maintaining such a list would not be
   difficult.  It seems to me that this would be an excellent way to
   prevent a node flood attack.  Without it, tor will be rot.

   Awaiting your comments anxiously,
   Ron Wireman

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




