Back to Security Pattern Catalog

Random Exit

Classification Key : Exterior Security, Information Disclosure


The exit node of an anonymity network forwards a packet to its final recipient. Exit nodes often come under abuse. Having a few exit nodes reduces the number of points an adversary needs to monitor.
How can an anonymity service prevent exit abuse?


Allow traffic to exit an anonymity network not only at the endpoints a circuit, but also in the middle of a circuit.

Known Uses

Tor initiators can direct traffic to exit partway down the circuit, by using in-band signaling within the circuit. This frustrates traffic shape and volume attacks based on observing the end of the circuit. Crowds proxies on the path of a web request can locally decide, based on a probability of forwarding, whether to forward traffic through another proxy, or become the last node on the path and communicate with the recipient directly.


Hafiz Privacy Patterns


Anonymity, Privacy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz