distributed traffic patterns (for personal traffic)

Mon Nov 8 06:35:51 PST 2010

> Subject: Re: distributed traffic patterns (for personal traffic)
> From: teddks at gmail.com
> To: cypherpunks at al-qaeda.net
> Date: Mon, 8 Nov 2010 09:07:47 -0500
>
> On Mon, 2010-11-08 at 05:15 +0000, John Case wrote:
> > Virtual Private Servers are getting fairly cheap, and Amazon EC2
instances
> > even cheaper.  A hundred or so dollars per month could put together a
> > fairly large set (say, five ?) of general purpose unix nodes on at least
3
> > continents ... EC2 in Asia and Ireland, and then some bullshit VPS
> > provider(s) here and there in the US.
> >
> > So let's say you assemble a little quiver of these root shells, and your
> > intention is to completely obfuscate your own personal traffic ... to
just
> > disappear completely (as an atomic, individual net user).
> >
> > The technical foundation is pretty basic - just set up your own system,
or
> > perhaps a firewall at your home/office to block all traffic except for
SSH
> > or HTTPS and to take all outbound traffic and tunnel it over one of those
> > to a random one of your systems.  Easy.
>
> > So where does this start to fall apart ?
> >
> > First, if you hit any kind of personal/vanity/small sites on a daily or
> > hourly basis, **an attacker just has to camp out upstream from there and
> > collect all the source IPs that come in.**  So if you run your own
> > mailserver (or whatever), this falls apart almost immediately.
> >
> > Second, unencrypted login sessions ... between web forums and chat rooms
> > and any number of other things, somewhere you're entering a user/pass
over
> > plain old HTTP... and if an attacker can guess one or more sites that
they
> > know you visit, they can, just like above, camp out upstream and just
> > collect all of your proxy IPs.
> ...
> > And it looks like this is a fairly cheap thing to put together in 2010...
>
> It seems to me like Tor would do everything this solution would do, and
> even would avoid the two attacks you present. The attacker can do the
> same thing (camp the destination), but they'll just get Tor exits. It's
> also simple to transparently proxy all traffic on your system through
> Tor.
>
> If you really wanted to limit your anonymity set, you could run those
> nodes and set a few of them up as bridge nodes and a few of them up as
> exits, and cycle through that. An upcoming feature of Tor is matching
> circuits to destination ports, so you could use your (trusted) exits for
> cleartext traffic (the few sites when you're forced onto HTTP) and use
> the wider Tor network for the rest.
>
> Maybe I'm not seeing what you're trying to get at, but it seems like
> this would do everything you need.
>
> [demime 1.01d removed an attachment of type application/pgp-signature which
had a name of signature.asc]
Some people don't wish to use Tor for a variety of reasons, whether a lack of
trust, or simply because they don't want anyone to see Tor traffic on their
connection.
I see what you're saying, mind you. Perhaps even better would be to combine
the two, and run Tor from some Asian/off-shore server you own which you tunnel
into.
Either or, Tor is better simply because it eliminates the upstream camping,
which would probably be the main problem; eventually, your proxy servers would
be enumerated, and then, you'd be vulnerable.
There's the cost, too. 100 dollars a month, which would need to be reasonably
anonymously transferred, otherwise someone already has a list of your shells.
This kind of method would work against someone who has limited resources, but
then, so does vanilla Tor, or simple proxy chaining.