[email protected] writes:

> Since I thought it might be interesting to consider the potential
> implications of BGP-related attacks described above if applied to guard or
> exit relays, I wanted to share the following article:
> http://www.renesys.com/2013/11/mitm-internet-hijacking/
>
> That post also refers to an earlier, related post:
> http://www.renesys.com/2010/11/chinas-18-minute-mystery/
>
> Any thoughts/reactions from a Tor standpoint?

You can't use BGP redirection to impersonate a node because the
individual nodes have unique cryptographic keys that are listed in the
Tor directory consensus.  (We need all other Internet services to move
to having unique cryptographic keys, too, so that people who can control
and redirect networks can't impersonate them!)

You could use BGP redirection to become able to spy on traffic headed
to a guard node or coming out of an exit node that would otherwise not
have passed through networks that you control.  The most relevant
consequence of that would probably be increasing the probability that
the attacker can successfully do a traffic correlation or confirmation
attack.

-- 
Seth Schoen  <[email protected]>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
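
Added example, not part of the original message and not Tor's own code: a sketch of why a redirected route does not let someone pass as a relay, reducing the check to comparing a presented identity key against the digest on a consensus "r" line. It assumes the consensus was already signature-checked; the keys, nickname and address are constructed, and the real link handshake (which proves possession of the private key) is omitted.

```python
import base64
import hashlib
import hmac

# Constructed stand-ins for DER-encoded RSA identity keys (not real keys).
GENUINE_KEY = b"constructed identity key of the real relay"
HIJACKER_KEY = b"constructed identity key generated by the network attacker"

def b64_nopad(raw):
    return base64.b64encode(raw).decode().rstrip("=")

def make_r_line(nickname, identity_key, ip, orport):
    """Build a constructed consensus 'r' line for the sample relay."""
    ident = b64_nopad(hashlib.sha1(identity_key).digest())
    desc = b64_nopad(bytes(20))  # placeholder descriptor digest
    return f"r {nickname} {ident} {desc} 2013-11-20 12:00:00 {ip} {orport} 0"

def parse_r_line(line):
    """Return (nickname, identity_digest, ip, orport) from an 'r' line."""
    parts = line.split()
    if len(parts) != 9 or parts[0] != "r":
        raise ValueError("not a router status line")
    nickname, ident, ip, orport = parts[1], parts[2], parts[6], parts[7]
    # The 20-byte SHA-1 identity digest is base64 without padding.
    digest = base64.b64decode(ident + "=" * (-len(ident) % 4))
    if len(digest) != 20:
        raise ValueError("bad identity digest length")
    return nickname, digest, ip, int(orport)

def relay_is_authentic(r_line, peer_ip, presented_key):
    """True only if the key presented at peer_ip matches the consensus."""
    _, digest, ip, _ = parse_r_line(r_line)
    if ip != peer_ip:
        return False
    presented = hashlib.sha1(presented_key).digest()
    return hmac.compare_digest(presented, digest)

# Sample consensus entry; 192.0.2.10 is a documentation address.
R_LINE = make_r_line("examplerelay", GENUINE_KEY, "192.0.2.10", 9001)

if __name__ == "__main__":
    # Same IP in both cases: BGP redirection changes who answers, not the key.
    print("real relay:", relay_is_authentic(R_LINE, "192.0.2.10", GENUINE_KEY))
    print("hijacker:  ", relay_is_authentic(R_LINE, "192.0.2.10", HIJACKER_KEY))
```

The check says nothing about who can observe the encrypted traffic on the redirected path, which is the correlation risk the message describes.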
