Search the Community

Ever heard of the NetFlow protocol? It's used to collect TCP/IP packet data and export them for later analysis. Developed by.. pause for effect.. Cisco! <3 And every Cisco router supports it. The reason why there's a vulnerabiliy which will never get closed? This is a conspiracy theory! Kill him! .. Er.. yeah. So, NetFlow. A few researchers at Columbia University recently published a paper in which they describe an attempt to use NetFlow against the TOR network. Well, not directly. Their goal is to evaluate "the effectiveness of using NetFlow data to perform practical traffic analysis attacks for identifying the source of anonymous communication", short and relevant version: "How effective is NetFlow when it comes to finding out the source of an anonymized connection with it?" Tested in-lab and in the network, "we had 100% success rate in determining the source of anonymous flows [in-lab]. When evaluating our attack with traffic going through the public Tor relay, we were able to detect the source in 81.4% cases. We observed about 12.2% false negatives and 6.4% false positives in our measurements." For everyone who wants to read the paper, here's the link. Let me know what you understand by source of an anonymous connection. Let's play a simplified taboo game: You must not use the term IP address because, well, that's not what is meant. If you want to know why, please proceed and read the answers.