IP spoofing attack against the TOR-network.

Max Free

There seems to be an attack rolled out against the TOR-network. The attackers spoof the IPs of TOR-relays while trying to SSH connect to random servers that have an automated abuse-report system, with the supposed intent of getting them blacklisted or de-hosted by their ISPs. The reduced number of relays diminishes your potential to stay anonymous within the TOR-network.

Discussion about it.

A more detailed writeup.

Thoughts?
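
Added example, not part of the thread or of any project's code: a sketch of how an automated abuse-report system could avoid being used this way, by reporting only sources that complete the TCP handshake on port 22. It assumes an off-path spoofer that never sees the server's SYN-ACK; the event format, function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events from a hypothetical port-22 packet log:
# (src_ip, src_port, direction, tcp_flags). "in" = received, "out" = sent by us.
SAMPLE_EVENTS = [
    ("198.51.100.7", 40001, "in", "S"),    # SYN claiming to come from a relay
    ("198.51.100.7", 40001, "out", "SA"),  # our SYN-ACK goes to the real host
    ("198.51.100.7", 40001, "in", "R"),    # real host never sent a SYN: RST
    ("198.51.100.7", 40002, "in", "S"),    # another SYN, never answered
    ("198.51.100.7", 40002, "out", "SA"),
    ("203.0.113.9", 51515, "in", "S"),     # genuine client
    ("203.0.113.9", 51515, "out", "SA"),
    ("203.0.113.9", 51515, "in", "A"),     # handshake completed
    ("203.0.113.9", 51516, "in", "S"),
    ("203.0.113.9", 51516, "out", "SA"),
    ("203.0.113.9", 51516, "in", "A"),
]

def classify_sources(events):
    """Return {src_ip: {"verified": n, "unverified": n}} counted per flow."""
    state = {}  # (src_ip, src_port) -> handshake state
    for src, sport, direction, flags in events:
        key = (src, sport)
        if direction == "in" and flags == "S":
            state[key] = "syn"
        elif direction == "out" and flags == "SA" and state.get(key) == "syn":
            state[key] = "synack"
        elif direction == "in" and flags == "A" and state.get(key) == "synack":
            state[key] = "established"  # source proved it receives our packets
        elif direction == "in" and "R" in flags and state.get(key) != "established":
            state[key] = "reset"        # claimed source disowned the connection
    totals = defaultdict(lambda: {"verified": 0, "unverified": 0})
    for (src, _), st in state.items():
        totals[src]["verified" if st == "established" else "unverified"] += 1
    return dict(totals)

def reportable(events, min_verified=2):
    """Sources eligible for an automated abuse report (handshake completed)."""
    return sorted(src for src, c in classify_sources(events).items()
                  if c["verified"] >= min_verified)

if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
    print(reportable(SAMPLE_EVENTS))
```

Flows that stop at SYN or end in an RST are counted but never reported, so a source address that was only ever claimed in bare SYNs does not generate an abuse complaint.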
 
Could be used for deanonymisation, seems like a lot of effort just to identify someone unless it's like one of the countries at war want to identify fed perps of cyber attacks for extra shit flinging or casus belli (Israel-Iran comes to mind though could be Russia). Maybe they're positioning themselves to drop 0days and we get another 'Shadow Brokers'-like release, but that's a bit of wishful thinking.
 
The issue references only guard/relay nodes being targeted. Either exit nodes didn't notice, they aren't being targeted, or they are so toxic to run that some spoofed packets are nothing out of the ordinary. The Spoofer Project lets volunteers test the networks they have access to for BCP 38 compliance. Here's a current map summary:

BCP38.png

Mostly the usual suspects including, predictably, the shitstain of the world. Somehow, Iceland, Denmark and Estonia are third world tier when it comes to this as well. As usual with networking stuff, it really depends on trust. If the ISP isn't filtering spoofed packets before handing them over to the powerhouses that do most of the routing that follows, you're allowed to shit up the Internet. Hopefully the guys running relays haven't picked hosts that don't know or care about this problem.
 
what is even the point of tor, isn't it heavily monitored anyways? why would anyone use it?
It's safer against non-nation state attacks than VPNs are. If you convince the right person working at a VPN company to real-time monitor who's connecting to what site at what time, they can probably tell you who a particular user is, by correlating traffic spikes to your user activity indicator. Yeah, it's kind of niche, but for Tor you would need a massive monitoring net to do the same thing.
 
It's safer against non-nation state attacks than VPNs are. If you convince the right person working at a VPN company to real-time monitor who's connecting to what site at what time, they can probably tell you who a particular user is, by correlating traffic spikes to your user activity indicator. Yeah, it's kind of niche, but for Tor you would need a massive monitoring net to do the same thing.
nation state attackers have a hell of a lot more trouble with tor than with VPNs
a vpn provider can be compelled by police or court action to start logging and handing over all connection data. with tor this doesn't work.
so far i am not aware of any cases of a government actually breaking tor to catch someone.
 
what is even the point of tor, isn't it heavily monitored anyways? why would anyone use it?
If there isn't any point in Tor, then there isn't any point in anything that provides online anonymity, it's literally one of the best options when it comes to privacy/anonymity online, then if you're using a VPN on top of that providing they actually don't keep logs (many VPN services claim to not keep logs but they're basically talking out their ass) you're more Anonymous than 99% of retards on the internet, the rest is just down to you not Ross Ulbricht'ing yourself like a moron.
 