
DNS traffic monitoring, a threat to Tor users’ anonymity

October 5th, 2016 | Uzair Amir | Security, Privacy, Surveillance
Tor Network Users May No Longer Enjoy Anonymity due to Exploitation of DNS Traffic Monitoring

Karlstad University researchers in collaboration with KTH Royal Institute of Technology and Princeton University have identified that the Domain Name System (DNS) can be monitored to reveal identities of Tor network users. In fact, the researchers have revealed that this method could help in tracing down Tor users with a high degree of accuracy.

Tor, or The Onion Router, is a very popular web browser operated by the non-profit Tor Project. It lets people surf the internet without disclosing their identities, and almost two million users visit it on a daily basis. It is a network of relays and nodes that keeps the IP addresses of Tor users hidden. Its users mainly include journalists, activists and privacy-conscious individuals from across the globe. But Tor is also widely used by people who want to access the Dark Web to perform illegal activities.


According to the research team, the Tor project is quite “upfront about its limitations.” They further stated that low-latency anonymity networks like Tor are useless against global passive adversaries.

“We define such adversaries as those with the ability to monitor both network traffic that enters and exits the network. Then the adversary can run a correlation attack, meaning that it can match packets that go into the network to packets that leave it, or in other words, it can link a client’s identity to her activity, and thus, break anonymity,” the team further explained.

The DNS’ job is to map domain names to IP addresses, which are easy for machines to read, so that users can access websites via human-readable names instead of numeric strings. DNS is one of the internet’s building blocks, but this vital system can also be used to expose the identities of Tor users. The research suggests that monitoring DNS requests, when combined with fingerprinting techniques, enables a different kind of attack, a “DNS-enhanced website fingerprinting attack.”

Past traffic correlation studies have focused on linking the TCP stream entering the Tor network to the one(s) exiting the network. We show that an adversary can also link the associated DNS traffic, which can be exposed to many more autonomous systems than the TCP stream.


The researchers said:

“The Tor Project is upfront about its limitations. [..] It is well understood that low-latency anonymity networks such as Tor cannot protect against so-called global passive adversaries.”

Fingerprinting is a key technique for breaking the anonymity offered by Tor, because such passive adversaries utilize Tor network weaknesses to keep track of the hidden services being accessed before revealing the true IP addresses and physical locations of users and their servers.


Companies like Google that operate open DNS resolvers can facilitate or make use of such techniques. Through DNS traffic monitoring, attackers can easily implement highly reliable fingerprinting attacks, especially on websites that aren’t visited frequently.

The research team has also identified that around one-third of the DNS requests sent via Tor’s exit relays are routed through Google’s public resolvers, which is an alarmingly high “fraction for a single community.”

“Although Tor is reasonably decentralized, our work shows that this does not hold for the wider ecosystem that Tor exists in,” added the research team.

According to security experts, users of Tor have no immediate reason to feel concerned because the “adversaries that can already monitor large fractions of the internet … will not do any better with our attack.”


The team has also released a tool named DNS Delegation Path Traceroute (ddptr), which traces the DNS delegation path for a qualified domain name. It then runs UDP traceroutes to all DNS servers on the path.
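The measurement described above (walk the delegation path for a name, then look at the networks on the way to each DNS server) can be illustrated offline. This is an added example, not the researchers' ddptr code; the zone data, server names, AS numbers and paths are all constructed, and the function names are hypothetical.

```python
# Constructed sample data: delegations (zone -> nameserver hosts) and the
# AS-level path seen from a hypothetical exit relay to each nameserver.
DELEGATIONS = {
    ".": ["a.root.example"],
    "org.": ["ns1.tld.example"],
    "example.org.": ["ns1.host.example", "ns2.host.example"],
}
AS_PATHS = {
    "a.root.example": ["AS64500", "AS64501", "AS64510"],
    "ns1.tld.example": ["AS64500", "AS64502", "AS64511"],
    "ns1.host.example": ["AS64500", "AS64501", "AS64512"],
    "ns2.host.example": ["AS64500", "AS64503", "AS64513"],
}
# Constructed AS path of the TCP stream from the exit relay to the web server.
TCP_PATH = ["AS64500", "AS64501", "AS64520"]


def delegation_path(fqdn):
    """Return the zones from the root down to the deepest delegated zone."""
    labels = fqdn.rstrip(".").lower().split(".")
    zones = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            zones.append(zone)
    return zones


def dns_exposure(fqdn):
    """Union of ASes on the paths to every nameserver on the delegation path."""
    seen = set()
    for zone in delegation_path(fqdn):
        for ns in DELEGATIONS[zone]:
            path = AS_PATHS.get(ns)
            if path is None:  # no traceroute result for this server
                continue
            seen.update(path)
    return seen


def dns_only_ases(fqdn, tcp_path):
    """ASes that can observe the DNS lookups but not the TCP stream."""
    return sorted(dns_exposure(fqdn) - set(tcp_path))


if __name__ == "__main__":
    print(delegation_path("www.example.org"))
    print(dns_only_ases("www.example.org", TCP_PATH))
```

In this constructed data, six networks see the DNS lookups without ever carrying the TCP stream, which is the wider exposure the researchers describe.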

Via: arXiv (https://arxiv.org/abs/1609.08187v1)

Source: Freedom-to-Tinker (https://freedom-to-tinker.com/2016/09/29/the-effect-of-dns-on-tors-anonymity/)
