Message-ID: <54CC8BDD.1080805@riseup.net>
Date: Sat, 31 Jan 2015 01:01:33 -0700
From: Mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor -> VPN Clarification

On 01/30/2015 10:42 PM, grarpamp wrote:
> On Fri, Jan 30, 2015 at 9:25 PM, Mirimir <mirimir@riseup.net> wrote:
>> On 01/30/2015 06:19 PM, Seth wrote:
>>> If I remember correctly it has to do with the ability to correlate VPN
>>> traffic on the last 'leg' of the connection from you to your VPN
>>> provider vs traffic on the last leg of journey from Tor exit to your
>>> desired destination.
>>
>> How is that any worse than adversaries correlating traffic between your
>> ISP and entry guards with traffic between exit nodes and destinations?
>>
>> Tor is by definition vulnerable to such adversaries.
>>
>> I've been thinking about testing such matters.
>> What's the best open-source software for traffic correlation?
>>
>> actually usable without coding from basic principles.
> 
> Ask the NSA.

:)

> They're about the only ones with need for such tools.

Don't we all need them? Without some decent tool, how can we distinguish
total overkill from pathetic fail? For sure, I'm just an amateur. But
that said, if I can break something, I know that it's pathetic. I just
want a decent hammer ;)

> You might make some basic proof of example with netflow
> tools whether as in unix kernel and/or third party, plus the free splunk.
> Watch your own service plus you and ten of your friends accessing it
> simultaneously.

Renting VPS is less complicated, and dumpcap with ring buffer is
convenient for capturing. I can export throughput in Wireshark. I take a
sample from one capture, multiply it by a same-length sliding window
from another capture, and look at sums vs offset. I've put an example
here: http://lwcl5doqq2uzjmom.onion/Dot-Product-Example.html

I did that in Excel, and it was tedious. But considering your suggestion
re splunk, now I'm wondering whether MySQL would be easier and faster.

> Give a presentation at a con, maybe they'll recruit you :)

Mirimir doesn't appear in public ;)
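
The sliding-window multiplication described in the message above, as an added example that is not part of the original post: it computes the sum of products at each offset for two throughput series, and adds a mean-centred (Pearson) variant that goes beyond what the message describes. The throughput values, the layout of the second series and all function names are constructed for illustration.

```python
# Constructed per-second throughput (KB/s) exported from capture A.
SAMPLE = [300, 900, 50, 0, 700, 700, 0, 30, 1200, 0, 0, 400]

def build_series():
    """Constructed capture B: idle background, an unrelated bulk transfer
    at offset 5, and SAMPLE attenuated to 90% starting at offset 25."""
    series = [20] * 60
    series[5:17] = [2000] * 12
    series[25:37] = [x * 9 // 10 + 20 for x in SAMPLE]
    return series

def windows(sample, series):
    """Every window of series with the same length as sample, by offset."""
    n = len(sample)
    if n == 0 or n > len(series):
        raise ValueError("sample must be non-empty and fit inside series")
    return [series[off:off + n] for off in range(len(series) - n + 1)]

def sliding_dot(sample, series):
    """Sum of element-wise products at each offset (the 'sums vs offset')."""
    return [sum(a * b for a, b in zip(sample, w)) for w in windows(sample, series)]

def centred(xs):
    mean = sum(xs) / len(xs)
    return [x - mean for x in xs]

def sliding_pearson(sample, series):
    """Mean-centred, scale-normalised score (Pearson r) at each offset."""
    cs = centred(sample)
    ns = sum(x * x for x in cs) ** 0.5
    scores = []
    for w in windows(sample, series):
        cw = centred(w)
        nw = sum(x * x for x in cw) ** 0.5
        dot = sum(a * b for a, b in zip(cs, cw))
        scores.append(dot / (ns * nw) if ns and nw else 0.0)  # flat window scores 0
    return scores

def best_offset(scores):
    """Offset of the highest score (first one on ties)."""
    return max(range(len(scores)), key=scores.__getitem__)

if __name__ == "__main__":
    series = build_series()
    print("raw peak offset:", best_offset(sliding_dot(SAMPLE, series)))
    print("Pearson peak offset:", best_offset(sliding_pearson(SAMPLE, series)))
```

On this constructed data the raw sum peaks on the unrelated bulk transfer, because a busy window inflates every product, while the mean-centred score peaks at the offset where the attenuated copy of the sample sits.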

