Disguising a Tor node?

Tyler Durden camera_lumina at hotmail.com
Thu Dec 14 03:01:05 PST 2006


Well, here's where my ignorance is revealed.

But let me recall the 'threat scenario' in this case.

MwGs don't like Tor networks, and set about trying to find the nodes, and 
take them down. How do they do this? They can, perhaps, look at the IP 
addresses of packets they themselves shoot through the network, and then 
(theoretically) trace these back to the machines that sent the packets, 
presumably a Tor node. Or at least, they can do this for an exit node(s).

After finding an exit node, they can then contact the operator to locate the 
server and Tor node, and bludgeon them into taking it down. The operator 
probably won't be surprised, because they will have installed the Tor node, 
which presumably has all sorts of files named TOR.EXE, TOR_CLIENT.DLL, and 
so on. The only other way to tell they are running a Tor node is to see the 
other IP addresses coming in and going out, which presumably are other Tor 
nodes.

Is that basically right?

What if, for instance, a Tor client sent out a whole buttload of IPs, some 
of which are Tor nodes, some of which aren't, in various cities (including, 
say, Fallujah). Let's say also that the Tor package sent to an actual Tor 
node operator was disguised to look like some other innocuous service. Let's 
say also that there are plenty of fake non-Tor packets coming in and out of 
that node which don't lead to any Tor nodes at all.

In that case, the local authorities would have to have some kind of subpoena 
(one would think) 'proving' to the operator that they indeed have a hated 
Tor node on one of their machines. They would also have to do this for a 
variety of nodes, perhaps, even ones that aren't actually Tor nodes.

OK, farfetched. But possible? I'm a telecom guy so what the hell do I 
know...

-TD




>From: Eugen Leitl <eugen at leitl.org>
>To: Tyler Durden <camera_lumina at hotmail.com>, cypherpunks at jfet.org
>Subject: Re: redgene might be gone
>Date: Mon, 11 Dec 2006 18:29:54 +0100
>
>On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
>
> > Why is it necessary for a Tor node to be identifiable by authorities? Is it
> > possible to disguise it as something else?
>
>If you're renting a colo server with a fixed IP, how would you
>disguise it as anything, or conceal it as anything else if
>you have never ever even seen the machine in question?
>
>Still no news on the trouble ticket. Either they're swamped,
>or the server has been really confiscated.
>
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820            http://www.ativel.com
>8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which 
>had a name of signature.asc]
