DNS Traffic of a Tor Exit Node - An Analysis

Sonntag, Michael

doi:10.1007/978-3-030-05345-1_3

Michael Sonntag ORCID: orcid.org/0000-0002-2506-2350¹⁶

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11342))

Included in the following conference series:

International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage

1612 Accesses

Abstract

The DNS traffic of a large-bandwidth Tor exit node is investigated for anomalies and compared to domain name registrations. From the results we can conclude what people are using the Tor network for. Some national anomalies can be identified - websites in China (.cn) and Russia (.ru/.su), and to some degree in Ukraine (.ua), are used differently through Tor than e.g. websites under the top-level domain of Germany (.de).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th Conference on USENIX Security Symposium (SSYM 2004), vol. 13. USENIX Association, Berkeley (2004)
Google Scholar
Sonntag, M., Mayrhofer, R., Hörmanseder, R.: Technical and legal determinants of implementing a Tor exit node. In: 33rd GEANT Networking Conference - TNC17 (2017). https://tnc17.geant.org/core/presentation/32
Sonntag, M., Mayrhofer, R.: Traffic statistics of a high-bandwidth Tor exit node. In: Mori, P., Furnell, S., Camp, O. (eds.) Proceedings of 3rd International Conference on Information Systems Security and Privacy, pp. 270–277. SCITEPRESS (2017)
Google Scholar
Greschbach, B., Pulls, T., Roberts, L.M., Winter, P., Feamster, N.: The effect of DNS on Tor’s anonymity. In: NDSS 2017. Internet Society, San Diego (2017)
Google Scholar
Bortzmeyer, S.: DNS query name minimisation to improve privacy. RFC 7816. https://tools.ietf.org/html/rfc7816
Jansen, R., Johnson, A.: Safely measuring Tor. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016), pp. 1553–1567. ACM, New York (2016)
Google Scholar
Biryukov, A., Pustogarov, I., Thill, F, Weinmann, R.-P.: Content and popularity analysis of Tor hidden services. In: ICDCSW 2014, Proceedings of the 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, pp. 188–193. IEEE, New York (2014)
Google Scholar
Loesing, K., Sandmann, W., Wilms, C., Wirtz, G.: Performance measurements and statistics of Tor hidden services, applications and the internet. In: 2008 International Symposium on Applications and the Internet, SAINT 2008, pp. 1–7. IEEE, New York (2008)
Google Scholar
Ling, Z., Luo, J., Wu, K., Yu, W., Fu, X.: TorWard: discovery, blocking, and traceback of malicious traffic over Tor. IEEE Trans. Inf. Forensics Secur. 10(12), 2515–2530 (2015)
Article Google Scholar
Winter, P., et al.: Spoiled onions: exposing malicious Tor exit relays. In: De Cristofaro, E., Murdoch, Steven J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 304–331. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08506-7_16
Chapter Google Scholar
Johnson., A., Wacek, A., Jansen, R., Sherr, M., Syverson, P.: Users get routed: traffic correlation on tor by realistic adversaries. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS 2013), pp. 337–348. ACM, New York (2013)
Google Scholar
Manils, P., Abdelberi, C., Blond, S.L., Kâafar, M.A., Castelluccia, C., Legout, A., Dabbous, W.: Compromising Tor anonymity exploiting P2P information leakage. CoRR (2010). arXiv:1004.1461
Federrath, H., Fuchs, K.-P., Herrmann, D., Piosecny, C.: Privacy-preserving DNS: analysis of broadcast, range queries and mix-based protection methods. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 665–683. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_36
Chapter Google Scholar
Alexa Top 1 Million. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Shalla’s Blacklists. http://www.shallalist.de/
Black, S.: Unified Hosts File with Base Extensions. https://github.com/StevenBlack/hosts
Domaintools: Domain Count Statistics for TLDs. https://research.domaintools.com/statistics/tld-counts/
Freedom House: Freedom on the Net 2017: Ukraine Country Profile. https://freedomhouse.org/report/freedom-net/2017/Ukraine

Download references

Author information

Authors and Affiliations

Institute of Networks and Security, Johannes Kepler University Linz, Altenberger Strasse 69, Linz, 4040, Austria
Michael Sonntag

Authors

Michael Sonntag
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Sonntag .

Editor information

Editors and Affiliations

Guangzhou University, Guangzhou, China
Guojun Wang
Swinburne University of Technology, Melbourne, VIC, Australia
Jinjun Chen
St. Francis Xavier University, Antigonish, NS, Canada
Laurence T. Yang

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Sonntag, M. (2018). DNS Traffic of a Tor Exit Node - An Analysis. In: Wang, G., Chen, J., Yang, L. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2018. Lecture Notes in Computer Science(), vol 11342. Springer, Cham. https://doi.org/10.1007/978-3-030-05345-1_3

Download citation

DOI: https://doi.org/10.1007/978-3-030-05345-1_3
Published: 07 December 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05344-4
Online ISBN: 978-3-030-05345-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics