On 5/4/15, Leif Ryge leif@synthesize.us wrote:
... So, unlike a transparent tor router, this system is not intended to prevent malicious software on client computers from being able to learn the client computer's location, right?
hello Leif!
this deserves a longer answer, but you're right. if the attacker is using Tor itself a Tor enforcing gateway can't protect against those attacks.
DNS leaks, UDP exfil (like the MAC leaking attacks), Flash based proxy bypass. these types of attacks can be stopped and warned about.
a malicious relay, a malicious hidden services, at the network level a Tor enforcing router can't discriminate or help here.
An attacker who has compromised some client software just needs to control a single relay in the consensus, and they'll be allowed to connect to it directly?
you don't even need to control a relay, this could be performed via hidden service, as well.
It is unclear to me what exactly this kind of tor router *is* supposed to protect against. (I haven't read the whole document yet but I read a few sections including Threat Model and I'm confused.)
i will clarify to make this more apparent.
best regards,