On 12/09/2017 20:25, Ralph Seichter wrote: > I'm not certain what you consider a "DNS attack". > > Many exit node operators run a caching DNS resolver on their exits, > which is easily done. Lacking that, you can use the resolvers run by > your ISP, who can monitor all outbound traffic anyway, as I mentioned. >
An attacker can try to find what websites a Tor user has visited, by comparing : - the timing of Tor user home connection traffic and - the timing of DNS queries happening on DNS servers controlled by the attacker On this webpage, the author talks about "correlation" attack : https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
