Damian Johnson committed on 2016-03-08 17:35:41
Showing 1 changed file with 40 additions and 0 deletions.
Idea from Aaron, Donncha and Yawnbox. Aaron is the only person that spoke up volunteering to mentor but might be worth nudging the others if we get students.
... | ... |
@@ -1453,6 +1453,46 @@ implementation. |
1453 | 1453 |
</li> |
1454 | 1454 |
</ol> |
1455 | 1455 |
</li> |
1456 |
+ |
|
1457 |
+ <a id="ipHijacking"></a> |
|
1458 |
+ <li> |
|
1459 |
+ <b>IP hijacking detection for the Tor Network</b> |
|
1460 |
+ <br> |
|
1461 |
+ Likely Mentors: <i>Aaron Gibson (aagbsn)</i> |
|
1462 |
+ <br><br> |
|
1463 |
+ <p> |
|
1464 |
+ <a href="https://en.wikipedia.org/wiki/IP_hijacking">IP hijacking</a> |
|
1465 |
+ occurs when a bad actor creates false routing information to redirect |
|
1466 |
+ Internet traffic to or through themselves. This activity is straightforward |
|
1467 |
+ to detect, because the Internet routing tables are public information, but |
|
1468 |
+ currently there are no public services that monitor the Tor network. The |
|
1469 |
+ Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in |
|
1470 |
+ order to keep the set of monitored relays accurate. Additionally, consensus |
|
1471 |
+ archives and historical Internet routing table snapshots are publicly |
|
1472 |
+ available, and this analysis can be performed retroactively. |
|
1473 |
+ </p> |
|
1474 |
+ |
|
1475 |
+ <p> |
|
1476 |
+ The implications of IP hijacking are that Tor traffic can be redirected |
|
1477 |
+ through a network that an attacker controls, even if the attacker does not |
|
1478 |
+ normally have this capability - i.e. they are not in the network path. For |
|
1479 |
+ example, an adversary could hijack the prefix of a Tor Guard relay, in |
|
1480 |
+ order to learn who its clients are, or hijack a Tor Exit relay to tamper |
|
1481 |
+ with requests or name resolution. |
|
1482 |
+ </p> |
|
1483 |
+ |
|
1484 |
+ <p> |
|
1485 |
+ This project comprises building a service that compares network prefixes of |
|
1486 |
+ relays in the consensus with present and historic routing table snapshots |
|
1487 |
+ from looking glass services such as <a |
|
1488 |
+ href="http://routeviews.org">Routeviews</a>, or aggregators such as <a |
|
1489 |
+ href="https://bgpstream.caida.org">Caida BGPStream</a> and then issues |
|
1490 |
+ email alerts to the contact-info in the relay descriptor and a mailing |
|
1491 |
+ list. Network operators are responsive to route injections, and these |
|
1492 |
+ alerts can be used to notify network operators to take immediate action, as |
|
1493 |
+ well as collect information about the occurrence of these type of attacks. |
|
1494 |
+ </p> |
|
1495 |
+ </li> |
|
1456 | 1496 |
<!-- |
1457 | 1497 |
<a id=""></a> |
1458 | 1498 |
<li> |
1459 | 1499 |
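Review bot: In the third added paragraph, the alerting step ("issues email alerts to the contact-info in the relay descriptor and a mailing list") does not say what the service should do when a relay's contact-info is empty or is not a usable email address. That field is optional and free-form, so suggest stating that such relays are covered by the mailing list only. The first paragraph also calls detection "straightforward" without saying which routing change counts as a hijack of a relay's prefix (for example a changed origin AS or a more-specific announcement), which an applicant would need in order to scope the work. Smaller points: "these type of attacks" should read "these types of attacks", and the Routeviews link is the only one in the hunk that uses http:// rather than https://, so switch it if the site serves HTTPS.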