Drop 'IP hijacking detection for the Tor Network' project idea
Damian Johnson

Damian Johnson committed on 2017-02-05 01:07:06
Showing 1 changed file with 0 additions and 40 deletions.


Didn't hear back if it was still relevant.
@@ -1104,46 +1104,6 @@ ideas.
1104 1104
     </ul>
1105 1105
     </li>
1106 1106
 
1107
-    <a id="ipHijacking"></a>
1108
-    <li>
1109
-    <b>IP hijacking detection for the Tor Network</b>
1110
-    <br>
1111
-    Likely Mentors: <i>Aaron Gibson (aagbsn)</i>
1112
-    <br><br>
1113
-    <p>
1114
-    <a href="https://en.wikipedia.org/wiki/IP_hijacking">IP hijacking</a>
1115
-    occurs when a bad actor creates false routing information to redirect
1116
-    Internet traffic to or through themselves. This activity is straightforward
1117
-    to detect, because the Internet routing tables are public information, but
1118
-    currently there are no public services that monitor the Tor network. The
1119
-    Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in
1120
-    order to keep the set of monitored relays accurate. Additionally, consensus
1121
-    archives and historical Internet routing table snapshots are publicly
1122
-    available, and this analysis can be performed retroactively.
1123
-    </p>
1124
-
1125
-    <p>
1126
-    The implications of IP hijacking are that Tor traffic can be redirected
1127
-    through a network that an attacker controls, even if the attacker does not
1128
-    normally have this capability - i.e. they are not in the network path. For
1129
-    example, an adversary could hijack the prefix of a Tor Guard relay, in
1130
-    order to learn who its clients are, or hijack a Tor Exit relay to tamper
1131
-    with requests or name resolution.
1132
-    </p>
1133
-
1134
-    <p>
1135
-    This project comprises building a service that compares network prefixes of
1136
-    relays in the consensus with present and historic routing table snapshots
1137
-    from looking glass services such as <a
1138
-    href="http://routeviews.org">Routeviews</a>, or aggregators such as <a
1139
-    href="https://bgpstream.caida.org">Caida BGPStream</a> and then issues
1140
-    email alerts to the contact-info in the relay descriptor and a mailing
1141
-    list. Network operators are responsive to route injections, and these
1142
-    alerts can be used to notify network operators to take immediate action, as
1143
-    well as collect information about the occurrence of these type of attacks.
1144
-    </p>
1145
-    </li>
1146
-
1147 1107
     <a id="ahmiaSearch"></a>
1148 1108
     <li>
1149 1109
     <b>Ahmia - Hidden Service Search</b>
1150 1110
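Review bot: The first deleted line, `<a id="ipHijacking"></a>`, removes a fragment target, so any link to `#ipHijacking` elsewhere in this file or on other pages will now resolve to nothing. Search the site for `ipHijacking` and drop or update those references in the same commit. The commit message could also name who was asked (the deleted block lists Aaron Gibson (aagbsn) as the likely mentor), so that the idea can be restored from history if a reply arrives later.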