MIME-Version: 1.0
In-Reply-To: <545D5F6B.6080202@riseup.net>
References: <F6D797CA-4304-4254-8E9F-6189EE3DCAFC@opendna.com>
 <545D5F6B.6080202@riseup.net>
Date: Sun, 9 Nov 2014 02:59:24 -0800
Message-ID: <CAJVRA1Q-jQRdQbufBEs_ox_L28wwESnmHXc5WeNDK80+goAPxw@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Operation Onymous against hidden services,
 most DarkNet markets are down
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On 11/7/14, Mirimir <mirimir@riseup.net> wrote:
>> ...
>> "Something to note from that graph: There were lots of very odd layer
>> 7 ddos requests which affected tor performance more so than anything
>> ... like my TCP buffers weren't even close to max, but I had to mess
>> with the ConstrainedSockets options in torrc in order to have
>> availability. ... Intangir and I even talked at the time about how it
>> was probably a deanonymization attempt."
>
> Might that push a hidden service to use more of its backup guards? In
> conjunction with DDoSing all known hidden-service guard relays, that
> could force the hidden service to use malicious relays that are
> qualified as such. I get that from reading Paul Syverson et alia.

if you crash Tor, it won't necessarily use more of its backup guards.
this attack would have to be combined with other network level (MitM)
tampering to manipulate route selection like that, as i currently
understand the situation.

with your "DDoSing all known hidden-service guard relays" perhaps you
allude to this, but note that all you'd need to do is interfere with
the hidden service path to those guards to be effective (RST
injection), rather than a carpet bombing of all guards the HS uses.


best regards.

