Mitigating IP spoofing against Tor (torproject.org)
49 points by 0xggus 70 days ago | hide | past | favorite | 5 comments



I'm curious how they were able to locate the origin of the spoofed packets (?)


The basic idea is:

a) find a cooperative receiver of the spoofed packets

b) log/mirror inbound packets at their border routers to determine which peer the packets are coming from

c) ask that peer to do the same thing etc.

You can speed things up if the destination address of the spoofed packets is in a /24 that you can afford to do disruptive experiments with; and you have a wide network with extensive peering. In that case, advertise that /24 at all your locations and to all your peers. When you get traffic, if it's from a single source, you may only need to work with one peer to find the true origin.
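The traceback loop described in this comment (log inbound packets at the border, attribute them to an ingress peer, then ask that peer to repeat the exercise one hop upstream) can be worked through on sampled flow records. The following is an added example; it is not code from the comment, from the Tor project, or from the linked analysis. The flow records, interface names, peer labels and addresses are constructed, and the 90% dominance threshold used to decide that a single peer is "the" source is an assumption.

```python
"""Attribute spoofed traffic aimed at a monitored /24 to the border peer
that delivers it, using sampled flow records (added example)."""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of flow records as a border router might export them:
# (ingress interface, upstream peer, claimed source IP, destination IP, packets)
SAMPLE_FLOWS = [
    ("xe-0/0/1", "peer-A", "203.0.113.7",   "192.0.2.10",  120),
    ("xe-0/0/1", "peer-A", "203.0.113.7",   "192.0.2.44",   95),
    ("xe-0/0/2", "peer-B", "198.51.100.9",  "192.0.2.10",    3),
    ("xe-0/0/1", "peer-A", "203.0.113.7",   "192.0.2.200", 110),
    ("xe-0/0/3", "peer-C", "198.51.100.20", "10.0.0.5",     40),  # not our sink
]


def flows_to_sink(flows, sink):
    """Keep only flows whose destination lies inside the monitored prefix
    (the /24 that is being advertised to catch the spoofed packets)."""
    net = ip_network(sink)
    return [f for f in flows if ip_address(f[3]) in net]


def packets_by_peer(flows, sink):
    """Count sink-bound packets per (peer, ingress interface).

    The source addresses are spoofed and therefore useless for attribution;
    the ingress interface is the only trustworthy datum at this hop."""
    counts = Counter()
    for iface, peer, _src, _dst, pkts in flows_to_sink(flows, sink):
        counts[(peer, iface)] += pkts
    return counts


def claimed_sources_by_peer(flows, sink):
    """Record which (spoofed) source addresses arrive via each peer, useful
    when handing the case to that peer so they can filter on the same keys."""
    sources = defaultdict(set)
    for _iface, peer, src, _dst, _pkts in flows_to_sink(flows, sink):
        sources[peer].add(src)
    return dict(sources)


def next_hop_to_ask(flows, sink, threshold=0.9):
    """Return the peer carrying at least `threshold` of the sink-bound
    packets (the one to contact next), or None if traffic is spread out
    and several peers must be asked in parallel. Threshold is an assumption."""
    counts = packets_by_peer(flows, sink)
    total = sum(counts.values())
    if total == 0:
        return None
    (peer, _iface), pkts = counts.most_common(1)[0]
    return peer if pkts / total >= threshold else None


if __name__ == "__main__":
    sink = "192.0.2.0/24"
    for (peer, iface), pkts in packets_by_peer(SAMPLE_FLOWS, sink).most_common():
        print(f"{peer} via {iface}: {pkts} packets")
    print("claimed sources:", claimed_sources_by_peer(SAMPLE_FLOWS, sink))
    print("next peer to ask:", next_hop_to_ask(SAMPLE_FLOWS, sink))
```

With the constructed records, 325 of the 328 sink-bound packets arrive via peer-A on xe-0/0/1, so that is the single peer to contact next, which is the "single source, one peer" shortcut the comment describes. A real deployment would read NetFlow/IPFIX or sFlow exports rather than a hard-coded list, but the attribution key is the same: ingress interface, never the claimed source address.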


The article here is basically PR from the Tor project. I suspect most readers here would find this relatively high-level technical analysis of the attack more interesting:

https://delroth.net/posts/spoofed-mass-scan-abuse/


Discussed on HN when it came out.

https://news.ycombinator.com/item?id=41982698


This analysis is discussed and linked in the article.
