On very rare occasions I've noticed that my Tor Guard Node will change without my intention. My understanding was that you do not want to change your Tor Guard Node to prevent possible exploits, at the very least per online session. Sometimes my initial Tor Guard Node will be very slow so I will change it very early, but this should have no real impact since not much traffic has occurred. When this happens I will generally end my session for the day just to be safe. Is this supposed to happen? Is it something to be worried about?
Compromised guards can pose a very real threat, and there are two ways in which this can work. In order to actually locate a location-hidden service, an attacker must control one of the guards selected by the hidden service. When he then visits the hidden service, his traffic pattern will appear at the guard which also knows the IP of the hidden service. Instant deanonymization! Conversely, if an adversary runs a hidden service you visit, and he also controls one or more compromised guards, then you will instantly be unmasked if your node chooses any of his compromised guards to connect to his service.
Tor's response to these threats many years ago was to make guard nodes unchangeable. The first time your node went online, you were given lifetime guards. Either you were hosed at the outset, or you would never be compromised. Over time, the network became unbalanced. New guards had few or no clients assigned, while the old guards were overloaded with clients assigned years ago who never left. A decision was made to allow 'changing of the guard' again. Although they slowed down the changes, slow motion attacks became possible again. Services were being unmasked over a time frame of months to a few years. More recently, guard changing was slowed even further. They still change of course, just less often.
You can protect yourself at a cost. By assigning unchanging guards in your torrc file, you avoid connecting to an unwanted guard. The cost is, if all your selected guards are down at the same time, Tor won't work for you until one gets back online. It has been shown that a single computer can overwhelm a guard with requests, knocking it temporarily offline. Once sent offline and in a reboot scenario, all that guard's clients go looking for a new guard. The aim is to try to get clients to select the attacker's compromised guards by knocking non-compromised guards offline repeatedly. Select 3 or more trusted guards and get their fingerprints from http://t3qi4hdmvqo752lhyglhyb5ysoutggsd … mqd.onion/. Then add this magic line to your torrc file.
EntryNodes $97BD....,$EF34....,$ADC9....
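
To check that a pinned configuration is holding, the sketch below (an added example, not part of the original answer) compares the fingerprints on the EntryNodes line with GUARD events read from Tor's control port after `SETEVENTS GUARD`. It flags any guard outside the pinned set and any pinned guard reported unavailable. The fingerprints, relay names and event lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed fingerprints for illustration; these are not real relays.
A, B, C, D = "A" * 40, "B" * 40, "C" * 40, "D" * 40
SAMPLE_TORRC = f"# pinned guards\nEntryNodes ${A},${B},${C}\n"
SAMPLE_EVENTS = [  # constructed control-port lines
    f"650 GUARD ENTRY ${A}~relayA UP",
    f"650 GUARD ENTRY ${D}~relayD NEW",
    f"650 GUARD ENTRY ${B}~relayB DOWN",
    "650 CIRC 12 BUILT",  # unrelated event, ignored
]

FPR = re.compile(r"\$?([0-9A-Fa-f]{40})")
GUARD_EVENT = re.compile(
    r"^650 GUARD ENTRY \$?([0-9A-Fa-f]{40})\S* (NEW|UP|DOWN|BAD|GOOD|DROPPED)$")

def pinned_guards(torrc_text):
    """Return the fingerprints listed on EntryNodes lines of a torrc."""
    pinned = set()
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "entrynodes":
            for item in parts[1].split(","):
                m = FPR.fullmatch(item.strip())
                if m:  # nicknames and country codes are not collected
                    pinned.add(m.group(1).upper())
    return pinned

def review_guard_events(event_lines, pinned):
    """Return (fingerprint, status, note) for events worth a closer look."""
    findings = []
    for line in event_lines:
        m = GUARD_EVENT.match(line.strip())
        if not m:
            continue
        fpr, status = m.group(1).upper(), m.group(2)
        if fpr not in pinned:
            findings.append((fpr, status, "guard outside pinned EntryNodes"))
        elif status in ("DOWN", "BAD", "DROPPED"):
            # Repeated outages of pinned guards match the knock-offline
            # pattern described in the answer above.
            findings.append((fpr, status, "pinned guard unavailable"))
    return findings

if __name__ == "__main__":
    for finding in review_guard_events(SAMPLE_EVENTS, pinned_guards(SAMPLE_TORRC)):
        print(*finding)
```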