Delivery-Date: Sun, 20 Mar 2016 17:21:29 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 561771E0B91;
	Sun, 20 Mar 2016 17:21:27 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 53392354FE;
	Sun, 20 Mar 2016 21:21:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B7E2735412
 for <tor-talk@lists.torproject.org>; Sun, 20 Mar 2016 21:21:19 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id DzhQtMOwNJIl for <tor-talk@lists.torproject.org>;
 Sun, 20 Mar 2016 21:21:19 +0000 (UTC)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com
 [IPv6:2607:f8b0:400c:c05::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 882542167D
 for <tor-talk@lists.torproject.org>; Sun, 20 Mar 2016 21:21:19 +0000 (UTC)
Received: by mail-vk0-x22b.google.com with SMTP id e185so196188506vkb.1
 for <tor-talk@lists.torproject.org>; Sun, 20 Mar 2016 14:21:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc; bh=mRdBWEQBFjWlWmqh+bou9ZlEcWamPEPZMlBZgBMhdKc=;
 b=GyVFs5YN9gLAZi1aVPyz/H7tQnmNJ+VEEFwSxBm7cxQAfQNqqe7UvbHHAgBCqga4mW
 fDFY8K81sIHELABoionWpd6r50u9SQh/eEJuPY5AFySy6t9DBqyX/1fncq5VpZuQF+Vj
 bNW77pS2irIRaOl5JE/xH4G+DYqfafa9T6FXhfBpW+llAQfDes4kl1UmjrlaNjKq8/Ie
 YXg6yMqoG0Dl+Y9FcUC5THbUL8sdiVG3cKCkn6n0n53iNIZkyiHnsp0qPTylscaXD4LK
 bIJRpBx79lLzyjrGZchefeN/95Adm8xhhyEHmhoYHiK0a0Vu3NSypNMEbTsxFezWYKU9
 frfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc;
 bh=mRdBWEQBFjWlWmqh+bou9ZlEcWamPEPZMlBZgBMhdKc=;
 b=eTRye9tnni27OmLUTyDCc+SLbCeDwprxwkE2y4X3DvMTdNSMnJSPxicU289Rm2Hc1D
 4mF3xRJPFW45kTxfXLn5rsbk5RJED1TQZnpxt7Od49Sxw9zfiWfZf6t8qRXWWqqeEn+3
 PloLRcuFwVLfddmFRQ8QrLks3i3gYN+f/hbf9vW7jZB2GSeQUDwFcaJSMOQLUXiU3G2m
 oZanLQ0BxlsvQHBz0YqhchAOpq8TUKRo46sD2HGyLC6+G02Z2f7RlVQKe1wrQAQRwqqO
 d6bbC5MWeh7T/CsMawlSD+LMvBqRKXAlF3dju3E9RFenkKW6JuHax5s/11iYwzB8cBJ5
 iGgQ==
X-Gm-Message-State: AD7BkJJYmVFBJqrJoUgTLB/JJZ+q2WVUbw4rL6warzAvUjfCHZqaFAUrnwyuCk8G8NPwzdLUnyTJpFZK+TrxCQ==
MIME-Version: 1.0
X-Received: by 10.31.136.5 with SMTP id k5mr25077076vkd.35.1458508877097; Sun,
 20 Mar 2016 14:21:17 -0700 (PDT)
Received: by 10.176.69.5 with HTTP; Sun, 20 Mar 2016 14:21:17 -0700 (PDT)
In-Reply-To: <nci43k$3ee$1@ger.gmane.org>
References: <nci43k$3ee$1@ger.gmane.org>
Date: Sun, 20 Mar 2016 17:21:17 -0400
Message-ID: <CAD2Ti28jvQQjkgvhmRL7uZ11KYqTFHsYZDjz-QPgY5hGw+qOcQ@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Cc: cypherpunks@cpunks.org
Subject: Re: [tor-talk] Traffic shaping attack
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 3/18/16, Oskar Wendel <o.wendel@wp.pl> wrote:
> Let's set up a service in a way that it will modulate the traffic, so the
> download would look like:

That's active manipulation in / at one endpoint node.

> Then, we monitor traffic flowing into various entry nodes (remember we're
> a global adversary, having direct access to infrastructure around the
> globe) and spot the traffic that matches our pattern.

That's global / regional passive listening, needing be concerned
minimally visibility with just any other G/R IP endpoints without
needing track entire path.

Which, if presumed and likely to be deployed, combine to be nicely
effective, whether finding such clients, or services on Tor, I2P, etc.

Attack could be made much more difficult quite possibly defeated
if all nodes engaged in bucketed reclocked and jittered fill traffic with
each other (possibly along some virtual path distance >=1 hop)
and enforced peering relationships based upon receipt of same
expected and contractually obligated traffic (would you talk to or
retransmit for a node that acted sent packets as you say... fuck no).
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

