To: tor-talk@lists.torproject.org
From: Oskar Wendel <o.wendel@wp.pl>
Date: Sat, 26 Mar 2016 15:30:45 +0000 (UTC)
Subject: Re: [tor-talk] Traffic shaping attack

Mike Perry <mikeperry@torproject.org>:

> I'm still with Roger on being careful about assuming it's an attack (and
> not a bug, or other emergent behavior) before conducting more tests. At
> least, that is what proper engineering and science demands before we can
> respond, anyway.

Yes, I agree. But the attack is very probable here.

> For example, I wonder if users see such interrupts on all of their Tor
> traffic at that time, or just hidden service traffic? Or just hidden
> service traffic to specific services?

Only with hidden service traffic from this specific service.

> I am wondering the same thing about the hidden service side. Is it
> seeing interrupts of all traffic, or just some?

Unfortunately, only the site admin could confirm, but I don't see him 
here (he has been notified of this thread).

Actually, as I don't know the site admin in person, it would be possible 
that the site admin is already in jail and the site is being run by LEA, 
inserting these interruptions deliberately. But for now let's assume it's 
not true.

> If this is an attack, this information could help inform us as to if
> we're looking at an attack targeting all users, certain guard nodes, or
> just specific hidden services. With this information, we will also be
> able to better consider defenses, if it is an attack.

If it is an attack, I strongly suspect it's targeting users of the 
specific hidden service.

> Even if it is not an attack, it would still be useful to know, because
> we may be looking at some other kind of bug or bad emergent property in
> Tor.

Yes, definitely.

> It could also be due to the fact that Tor is effectively
> single-threaded. If something on the user's guard node, intermediate
> node, or hidden service is taking large amounts of CPU time, this will
> prevent traffic from flowing while that operation is happening.

It would have to run within a realtime scheduler to completely block Tor 
for several seconds... very few applications use this scheduler, at least 
in Linux.

-- 
Oskar Wendel, o.wendel@wp.pl.REMOVE.THIS
Pubkey: http://pgp.mit.edu/pks/lookup?op=get&search=0xB5E3846CD40F08E3

