Tor 0.2.7.6 is released
Here comes another stable release!
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.
Changes in version 0.2.7.6 - 2015-12-10
- Major bugfixes (guard selection):
- Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani.
- Minor features (geoip):
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
- Minor bugfixes (compilation):
- When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
- Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
- Minor bugfixes (correctness):
- When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
- The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha.
- Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.
BUPT former president
BUPT former president Bin-Xing Fang et al., Published "anonymous communication systems unobservability measure" in the "Computer Research and Development" (PDF), reported that they can observe traffic patterns Tor confuse widget will identify it. In order to avoid deep packet inspection, the researchers developed a protocol obfuscation tool, Tor anonymity network developed transport layer protocols confuse plug-ins include obfsprox (obfsproxy3 and obfsproxy4), meek and fte like. Researchers from Tor official website to download software, transport traffic soon after some research found that confusion Tor plugin vulnerable time analysis attacks. They found that, meek, bridges and HTTPS traffic packets inside the interval basically the same, but the meek packets in 0.5 seconds, has a near significant jitter, because the meek client in order to maintain a long connection with the cloud platform automatically when they are free to send a heartbeat packet, heartbeat packets are randomly between 0.1 seconds to 5 seconds to select a value. They also observed the other two data modes: bridge mode packet size are concentrated in the vicinity of 600B, reasons and Tor packet design related; under meek mode client-service packet size at around 200B, server to client end around 400B.
Please tor developers and other interested parties Bin Xing rogue plug-flow characteristics of the confusion of research !!
translated by https google translate
哈哈哈哈哈哈哈哈哈
哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈哈
前北邮校长方滨兴等
前北邮校长方滨兴等人在《计算机研究与发展》上发表论文《匿名通信系统不可观测性度量方法》(PDF),报告他们能通过观察Tor混淆插件的流量模式将其识别出来。为了躲避深度包检查,研究人员开发出了协议混淆工具,Tor匿名网络开发的传输层协议混淆插件包括obfsprox(obfsproxy3和obfsproxy4),meek和fte等。研究人员从Tor官网下载软件,对传输流量进行一番研究后很快发现Tor的混淆插件容易受到时间分析攻击。他们发现,meek、网桥和HTTPS的流量数据包内部时间间隔基本相同,但meek的数据包在0.5-2秒附近有一个明显的抖动,原因是meek客户端为了与云平台保持长连接而自动在空闲时发送一个心跳包,心跳包是随机在0.1秒-5秒之间选择一个值。他们还观察到了其它两个数据模式:网桥模式下数据包大小在600B附近比较集中,原因也与Tor的数据包设计有关;meek模式下客户端到服务数据包大小在200B左右,服务器到客户端400B左右。
请tor开发人员关注方滨兴等流氓对混淆插件流量特征的研究!!