[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] JAP back doored
- To: "Adam Shostack" <adam@homeport.org>
- Subject: RE: [Full-Disclosure] JAP back doored
- From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
- Date: Fri, 22 Aug 2003 18:28:26 +0200
> There is no exponential term in MIX traffic. That means that if you
> try to ensure that all traffic leaves the network quickly (so you can
> say, web browse), then your attacker only needs to analyze traffic
> over a few seconds, and that's easy.
>
> Simple attacks work really well on real time mix chains of any length
> that TCP timeouts are likely to allow.
I haven't looked at the actual protocol used by JAP, just followed the
postings here. But if they re-route traffic through the mixes *quickly*
it may be hard to trace who is an actual user, but it is definitely
possible. In the Dresden-Dresden case it is really so easy that it is
(again) laughable at what the Germany police is trying over here. They
could obtain what the want by "just" running some traffic analysis.
Sure, that would be more expensive, but it would have had the benefit of
not beeing publically discussed.
Bottom line: a real analyzer must randomly *delay* in- and outgoing
traffic. In high-volume environments a few (milli) seconds may do. If
JAP does this, then it (was) fine. If it didn't, it wasn't any secure in
the first place...
As another example (being shut down externally), that famous anonymous
remailer (pennet.fi or so) introduced random delays by design to
circumvent this issue.
My (technical;)) 2 cts...
Rainer
PS: If you would like to run a rant on German gouvernment, its technical
incompetence may be a much better target ;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html