On 2011-12-30, John Case <c...@sdf.org> wrote: > > Let's say I have an exit node handling average traffic and number of > connections (whatever that is). Let's also say that port 22 is included > in my exit policy. > > Now let's say that I, as the administrator, log onto the exit node and: > > ssh u...@host.com > > I understand that a global observer with traffic analysis blah blah blah. > > But what about someone just watching the exit node ? Is there anything at > all about my ssh connection generate from within the exit node that would > distinguish it from "real" exiting Tor traffic ?
Someone watching all traffic to and from the exit node would be able to distinguish that connection from Tor traffic because traffic on the SSH connection would not be relayed over any OR connection (in either direction). Someone watching only that SSH connection (e.g. a sniffer at host.com) would be able to distinguish that SSH connection from an exiting Tor stream because your SSH client would respond to messages from the server immediately after they reach the exit node, whereas an SSH client connecting over Tor would not be able to respond until data from the server reached the other end of a Tor circuit. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk