[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")

Steve Kinney admin at pilobilus.net
Fri Aug 28 02:03:34 PDT 2015




On 08/28/2015 03:24 AM, grarpamp wrote:
> While reducing network traffic to various accounting schemes
> such as netflow may enable some attacks, look at just one field
> of it... bytecounting.
> 
> Assume you've got a nice global view courtesy of your old bed
> buddies AT&T, Verizon, Sprint, etc and in addition to your own
> bumps on the cables.
> 
> You know the IPs of all Tor nodes (and I2P, etc). So you group
> them into one "cloud" of overlay IPs. For the most part any
> traffic into that cloud from an IP on the left, after it
> bounces around inside, must terminate at another IP on the
> right.
> 
> There are roughly 7000 relays, but because many of them are
> aggregable at the ISP/colohouse, peering and other good vantage
> point levels, you don't need 7000 taps to see them all.

[ etc, right on target AFAIK ]

Global observer attacks can be augmented by owning a substantial
number of the routers:  All hosted at one facility, but globally
distributed via transparent VPN connections running on a variety
of platforms all over the world. These router instances would be
somewhat customized to facilitate manipulation of traffic via a
purpose-built hypervisor with a plugin architecture for monitor
functions. Since code names aren't supposed to be related to the
named thing in any way, we can't call this Hydra.

In terms of real world threats, I think it's safe to say that TOR
"Hidden Services" aren't very well hidden from motivated
adversaries who can deploy global observation and/or global
infiltration attacks: The persistence, fixed physical location and
interactive availability of a hidden service make it a fat, dumb,
happy sitting target for any major State's military and police
intelligence service that takes an interest in identifying the
host and its operators IRL.

:o/






More information about the cypherpunks mailing list