Free Speech

KEERAT SHARMA

CSC-288; Fall 2009

T O R

An Onion Routing Network

Keerat Sharma * Term Paper * CSC-288

Contents

You aren't anonymous! 2

On the network! 2

And if we dig deeper! 3

Tor! 4

Establishing virtual circuits! 4

Routing Onions! 5

The benefits of using Tor! 6

What you don't get when you use Tor! 7

Why the world needs Tor! 8

Bibliography! 9

!

!

Keerat Sharma! CSC-288 Fall 2009

1

You aren't anonymous

Privacy1

1. the state of being private; retirement or seclusion.

2. the state of being free from intrusion or disturbance in one's private life or affairs: the right to privacy.

3. secrecy.

On the network

It is extremely difficult to remain anonymous on the internet. Consider that most Hypertext Transfer Protocol (HTTP)

servers log the Internet Protocol (IP) address of a requesting host, along with a plethora of metadata. Here's a real

world example to show how much information is available to a typical web server.

A client makes a request to a server:

http://[example server].com/index.html

A default installation of an Apache2 server installation would log the following:

97.119.50.76 - - [01/Oct/2009:21:35:22 -0500] "GET /index.html HTTP/1.1" 200

810 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.3)

Gecko/20090824 Firefox/3.5.3"

Anyone with access to the server logs now has the requesting host's:

* IP Address

* Timestamp at which point they executed a request

* What they asked for

* The specific browser implementation and version that they used

* The operating system they they were on

* The language that the host is configured to operate on

Using this knowledge, we can leverage some easily available public resources and identify some more information.

Let's leverage the IP address in the example above (97.119.50.76). We can run the IP against the whois database.

Here's a snippet of what we see:

$ whois 97.119.50.76

[Querying whois.arin.net]

[whois.arin.net]

OrgName: Qwest Communications Company, LLC

The server administrator can now identify that the requesting host was connected to the internet using Qwest Communications

as their Internet Service Provider (ISP).

Keerat Sharma! CSC-288 Fall 2009

2

1 Definition acquired at http://dictionary.reference.com/browse/privacy

They can dig more though. Consider this commonly available information when you interrogate domain name servers

(DNS):

$ nslookup

> 97.119.50.76

Server:! XXX.XXX.XXX.XXX

Address:! XXX.XXX.XXX.XXX#53

Non-authoritative answer:

XX.XX.XXX.XX.in-addr.arpa! name = 97-119-50-76.omah.qwest.net.

Clearly, there's a hint in the above that the host resides as part of the quest network, and there's a 'omah' segment

that seems interesting.

Publicly available databases that resolve IP address to geographic locations are freely available, and perform this

service pretty well. According to the MaxMind GeoIP system, the above IP resolves to Omaha, Nebraska, which correlates

with the DNS registration of the host.

And if we dig deeper

Network layer analysis isn't exclusive to just the target server though. A very significant threat surrounds compromised

or malicious routers along the routing path for a connection allowing for examination of packet data and flow.

More sophisticated adversaries can examine packets as they enter networks that they have some control over. In

short, once a packet leaves a host, it can be subject to a variety of analysis by intermediate parties before it reaches the

target server.

On an application specific basis, the volume of analysis capabilities increases significantly. In an HTTP setting, servers

can set cookies to store information about the end user that will be re-transmitted on each subsequent request by the

client. Many dynamic web applications can also perform URL re-writing, where session related information is embedded

into the links on the page, allowing the server to maintain a session for the end user. Frequently this information

flows over non-encrypted channels.

Content served by an HTTP application can execute on the client side and transmit back information to the server.

...