Opened 5 years ago

Closed 5 years ago

#14101 closed enhancement (duplicate)

Client may be forced to choose a certain guard!?

Reported by: mzupzyij Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: guard
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi!

I recently heard a talk about deanonymisation attacks against TOR on the 31C3
Congress of the Chaos Computer Club.
After that, a certain question about packets count/timing attacks came to my
mind.

What about a situation, in which an attacker already knows who he want's to
attack. Maybe he's in the same wireless network or he knows the public IP of
the victim. He just wants to find out, on what websites the victim is surfing
via TOR.

If the attacker has a way to drop all the packages send by the client when
connecting to a guard/entry node, he could do this until the client chooses an
evil guard node the attacker is in control of.

Does TOR currently do anything to handle this?
Maybe a warning if too many guards are unreachable?

Child Tickets

Change History (1)

comment:1 Changed 5 years ago by nickm

Resolution: duplicate
Status: newclosed

Thanks for the report. I think this is a duplicate of #13989.

Note: See TracTickets for help on using tickets.