On 2018-01-08 16:08, Roger Dingledine wrote:
On Mon, Jan 08, 2018 at 03:59:25PM -0700, Dave Warren wrote:
Even if Tor didn't supply any relay
statistics, a curious and enterprising individual could "explore" by seeing
what happens to a particular onion when one launches a DoS attack against an
external IP that one believes might be connected to the .onion service.
Yep. If you want to go a step further, check out this paper:
https://www.freehaven.net/anonbib/#remote-traffic-pets12
where they investigate inducing congestion on a target IP address
to learn *what web page it's loading*.
Turns out the attack is only effective in certain situations, but
the fact that it's worth taking seriously at all is bad news for
the Internet as a whole.
I forgot about that one! Not a surprise that it's possible in certain
circumstances, I suppose.
Nonetheless, a hidden service should be relatively immune if the IP
address isn't known (and isn't trivially determined, such as also
hosting a relay).
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
