Message-ID: <e958ade4c570daacb5198ac06eeafc74.webmail@localhost>
Date: Sun, 27 Mar 2016 14:43:42 -0000
From: notwith@sigaint.org
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Traffic shaping attack

Oskar Wendel:
> If I limit the transfer rate in a client to a small value (I tried 5
> kB/s), the download is stable and interruptions do not occur.

This is interesting. Could you check other speeds too (50 kB/s, 100 kB/s)?

> Full dump, from SYN to FIN, can be found below. SEND are packets from my
> socks client to the Tor, RECV are packets from Tor to my socks client. It
> was a small (interrupted by me) download, but with larger downloads it
> looks very similar.

Thank you for this work. Hopefully, other users will comment on it.

>> It could also be due to the fact that Tor is effectively
>> single-threaded. If something on the user's guard node, intermediate
>> node, or hidden service is taking large amounts of CPU time, this will
>> prevent traffic from flowing while that operation is happening.
>
> It would have to run within a realtime scheduler to completely block Tor
> for several seconds... very few applications use this scheduler, at least
> in Linux.

This should not be the case. http://obscuredtzevzthp.onion has comparable
download speeds, where I easily get 600 kB/s, but cannot see any
interrupts. I conclude it is either that particular HS software
configuration or an attack on that particular HS.


