> Of course, until you factor in the information we received later which
> is that a researcher has apparently been using a technique to discover
> "passively" eavesdropping nodes, and the node in question here came
> up. Sort of mooting the whole discussion until the research is
> published.

The above has been mentioned twice now as some sort of pending serious, paper-worthy research. Some corrective Network Engineering 101 is obviously needed here before some poor soul ends up mis-educated.

There is NO way to detect passive monitoring unless you have access to the monitor.

Real world passive monitoring involves mirrored upstream switch ports or optical splitters. No contact, separate devices, that's why it's called passive.

Don't try to mention optical dB loss, spectral anomalies, bump insertion events, TEMPEST, heat and power consumption... because, as a user, you don't have access to those.

Nor try to claim anything about running BPF on the same machine as the node thus overloading the box and perturbing flows or exploiting the listener process.... because that's not proper passive snooping and thus you're doing it wrong.

Now you could properly rename that 'detection' word to 'entrapment' where you watch for the use of your unique seed. But that's a different thing, obviously.

Now if you'll excuse me, I have another 100GiB of quietly recorded traffic to sift through before Friday ;-)
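The "entrapment" idea in the message above, watching for the use of a unique seed, as an added example that is not part of the original post: each path gets its own decoy token sent exactly once, and any later sighting of that token at a decoy service the observer controls attributes the capture to that path. The key, path labels, log format and addresses are all constructed assumptions.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: secret held only by the observer
TOKEN_RE = re.compile(r"token=(seed-[0-9a-f]{20})")

def seed_for(path_id: str) -> str:
    """Derive the unique decoy token sent once over one path."""
    digest = hmac.new(KEY, path_id.encode(), hashlib.sha256).hexdigest()
    return "seed-" + digest[:20]

def find_reuse(log_lines, path_ids):
    """Return (path_id, source) for every use of a seed after its first.

    Each seed is planted exactly once, so the first sighting at the decoy
    service is our own plant; any later sighting means someone who saw that
    path's traffic replayed it.
    """
    index = {seed_for(p): p for p in path_ids}
    seen, hits = set(), []
    for line in log_lines:
        m = TOKEN_RE.search(line)
        if not m or m.group(1) not in index:
            continue  # not one of our seeds
        token = m.group(1)
        if token in seen:
            hits.append((index[token], line.split()[1]))
        seen.add(token)
    return hits

def sample_log(path_ids):
    """Constructed decoy-service log: one plant per path, one later replay."""
    lines = [f"2024-01-01T00:00:0{i}Z 192.0.2.{10 + i} token={seed_for(p)}"
             for i, p in enumerate(path_ids)]
    lines.append(f"2024-01-03T09:15:00Z 198.51.100.7 token={seed_for(path_ids[1])}")
    lines.append("2024-01-03T09:16:00Z 198.51.100.9 token=seed-" + "0" * 20)
    return lines

PATHS = ["path-A", "path-B", "path-C"]  # hypothetical path labels

if __name__ == "__main__":
    for path, src in find_reuse(sample_log(PATHS), PATHS):
        print(f"seed planted on {path} was reused from {src}")
```

A hit only shows that the seed was used by someone who saw that path's traffic; a monitor that records and never acts on the seed produces no hit.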
