Some protocols expose IP addresses
Researchers from the
French Institute for Research in Computer Science and Automation (INRIA) showed that the Tor dissimulation technique in
BitTorrent can be bypassed by attackers controlling a Tor exit node. The study was conducted by monitoring six exit nodes for a period of twenty-three days. Researches used three
attack vectors:
[115]
Inspection of BitTorrent control messages Tracker announces and extension protocol handshakes may optionally contain client
IP address. Analysis of collected data revealed that 35% and 33% of messages, respectively, contained addresses of clients.
[115]:3 Hijacking trackers' responses Due to lack of encryption or authentication in communication between tracker and peer, typical
man-in-the-middle attacks allow attackers to determine peer IP addresses and even verify the distribution of content. Such attacks work when Tor is used only for tracker communication.
[115]:4 Exploiting distributed hash tables (DHT) This attack exploits the fact that
distributed hash table (DHT) connections through Tor are impossible, so an attacker is able to reveal a target's IP address by looking it up in the DHT even if the target uses Tor to connect to other peers.
[115]:4–5
With this technique, researchers were able to identify other streams initiated by users, whose IP addresses were revealed.
[115]