Tor Open To Attack 109
An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."
Re:Not quite so oblig SW reference.. (Score:4, Informative)
"Feb 25 16:16:02.628 [notice] Tor v0.1.1.xx. This is experimental software. Do not rely on it for strong anonymity."
Thus proving, once again, that Tor is only for the Quasi-anonymous group.
Could this be avoided? (Score:4, Informative)
Re:Well, not just that. (Score:3, Informative)
At which point the client seeks another route. Right?
What I'm saying is that I don't think this would be effective with only one or two nodes.
Though on a larger scale, I agree that this tactic could effectively DOS the network.
Re:Could this be avoided? (Score:2, Informative)
Unless you purchased your network card on a credit card at a place that scans the MAC address along with the UPC when they ring you up, like CompUSA does. (to make sure you don't return a different network card for a refund)
Re:Well, not just that. (Score:5, Informative)
If [dailykos.com] only [commondreams.org] that was true [sldn.org]...
Re:No love for Freenet? (Score:3, Informative)
As the above AC said, a lot of the discussion was on Frost, which doesn't have any publicly-accessible archives. You can find the mailing list thread here [freenetproject.org], though. In particular this [freenetproject.org] and this [freenetproject.org]
Of course, I'm not sure if this really matters that much; last I heard, Freenet was known to be vulnerable to man-in-the-middle attacks [freenetproject.org], and fixing it wasn't considered a priority...
Re:How Many Nodes Do You Need to Own? (Score:2, Informative)
Official Tor response (Score:2, Informative)
Shava Nerad
executive director
The Tor Project