On 3/19/16, Oskar Wendel <[email protected]> wrote:
> ...
> Let's assume that the service is extremely popular, with over 6 terabytes
> of traffic each day, and a gigabit port almost constantly saturated. Then,
> we can observe a small handset of guards and still be able to spot at
> least some users.

the problem with high traffic sites is a local confirmation attack. E.g. your colo line is really active! and on a short list of suspects above large traffic threshold. an outage of your local link for 3-5 min leads to confirmation across 10,000 probe sessions, circuit extension attempts, and connect attempts, all confirming yes indeed suspect hidden service suddenly out of reach.

[ is this sufficient *proof* for $context? who knows, but you get the picture...]

at least now the feds can't pretend to be the technicians servicing your outage under cover, anymore... ;)

> Well, for one traffic hiccup probably many...
>
> This is not a theoretic attack. This is something that has been noticed
> on one of illegal sites and I expect many busts around the globe in the
> coming weeks.

attacks attempting to confirm a solitary client connecting to a peer (e.g. very low degree node) are at different risk than those highly centralized, very active services experience.

good luck to you! and please share insights and experience :)

best regards,

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
