A Few Random Thoughts...

R.A. Hettinga rah at shipwright.com
Fri Jun 26 14:42:49 UTC 2009

As with anonymous remailers, or any other anonymous system, the exit  
node of an onion-routing system is the sin-eater for the rest of the  

And, without cash settlement, you get what you pay for. :-).


Begin forwarded message:

From: Eugen Leitl <eugen at leitl.org>
Date: June 26, 2009 9:43:21 AM GMT-04:00
To: tt at postbiota.org, info at postbiota.org, cypherpunks at al-qaeda.net
Subject: A Few Random Thoughts...

----- Forwarded message from Michael <cozzi at cozziconsulting.com> -----

From: Michael <cozzi at cozziconsulting.com>
Date: Fri, 26 Jun 2009 08:16:00 -0400
To: or-talk at seul.org
Subject: A Few Random Thoughts...
User-Agent: Thunderbird (Windows/20090605)
Reply-To: or-talk at freehaven.net

   Hi all,

   As one of those lucky souls with access to almost limitless
bandwidth and the skills (or stupidity) to use it, I suppose an apology
is in order:

   I'm sorry- after reviewing what *could* be the consequences, I have
to whimp out based on professional risk factors... I can't run an exit
node. So I have to leave it to other folks who have a different
situation to do the heavy lifting.

   What I *am* doing is deploying a couple of heavy iron closed relays
on OC3 or better bandwidth. The first is now deployed after a lot of up
and down testing, and I'll get to the second in due time.

   I've been watching Tor for a long time and just recently decided to
get involved. The Iran situation cemented that decision.

   Anyhow, here are some random thoughts:

   On the "Who uses Tor?" section of the website, I see no mention of
IT people. I've used the Tor network for many practical uses as an IT
Director. These range from bypassing my own firewall to test incoming
connections, to helping my legal department do research on a pending
lawsuit without the opposition *knowing* we even looked at their
website. Having a random and easily accessible IP to initiate
connections from is a priceless testing tool. Especially when dealing
with niggling routing problems.

   On one occasion my ISP was having routing/DNS problems, and Tor was
able to find an entrance node and allow me to work even though I
couldn't get to my remote servers directly. This saved my client a lot
of downtime, and might have saved me the account. Also, my employer's
R&D department sometimes needs to look at things they don't want anyone
to know they looked at (All quite legal mind you).

   Quite frankly Tor is an undervalued IT tool and it's capabilities
should be trumpeted loudly on the web page. You might also find IT guys
like me throwing up some relays in exchange. After all- who has the
bandwidth anyway?

    And before anyone accuses me of it, I'm not nearly stupid enough to
do a port scan over Tor. Phew.

   One of the issues I ran into when looking into running an exit relay
had to do with not only the legalities, but identifying a server vendor
that was offshore from my home country and friendly to a Tor exit. In
order for me to run an exit node, I have to be completely shielded.

   As it stands now, I can probably run an exit for instant messaging-
and that's it. However, if Tor itself had a relationship with someone
who rents hardware, perhaps a partnership, Tor could get the exit nodes
it needs, and the server vendor could get lots of cash. From my
standpoint, it doesn't matter whether I rent or colocate my hardware. So
if Tor as an organization had a partnership with a few server rental
whores (in multiple countries), it would simplify getting more exits. I
need servers, Tor runs with little impact on my server, I could care
less where my remote hardware is provisioned from. Bingo- more exits.

   I read back about 6 months in the or-talk list and there were a
couple of suggestions inferring that *everyone* should be forced to be
an exit node. I think this is a very bad idea, and hurts the security of
the person trying to remain anonymous by causing an identifiable change
in bandwidth usage that could infer Tor usage (Information leakage).

   Simply speaking, on a default Windows/Vidalia installation, outgoing
Tor traffic usually looks like https traffic, but on a forced exit, now
Tor is identified by relatively matched traffic on port 443 both in and
out of the client's connection (Unless it's entrance node is a *nix
variant). This could mean death (literal) for a political dissident who
is now identified as having an in/out matching traffic pattern assuming
his entrance node is on Windows. It is more likely, that a country
monitoring it's citizens would miss simple https traffic. But even
myself as a lowly IT director, would have alarm bells going off if https
was initiating in two directions from the same machine. Alternative
ports can also set off alarm bells. But given the nature of Onion
Routing, two way traffic needs to be avoided in the most sensitive
sensitive situations. Forcing exit nodes is a bad idea for users. It
will also drive away anyone who cannot provide an exit node.... that's
chasing away bandwidth as non exit relays run for the hills.

   Long post. Too much coffee and too much time staring at routing  


----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the NANOG mailing list