: Exterior Security, Information Disclosure
The exit node of an anonymity network forwards a packet to its final recipient. Exit nodes often come under abuse. Having a few exit nodes reduces the number of points an adversary needs to monitor.
How can an anonymity service prevent exit abuse?
Allow traffic to exit an anonymity network not only at the endpoints of a circuit, but also in the middle of a circuit.
Tor initiators can direct traffic to exit partway down the circuit, by using in-band signaling within the circuit. This frustrates traffic shape and volume attacks based on observing the end of the circuit. Crowds proxies on the path of a web request can locally decide, based on a probability of forwarding, whether to forward traffic through another proxy, or become the last node on the path and communicate with the recipient directly.
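The Crowds decision described above can be simulated to see where traffic actually leaves the network. This is an added example, not code from the catalog or from Crowds; the names `crowds_path` and `simulate`, the uniform choice of next proxy, and the initiator's unconditional first hand-off are assumptions of this model.

```python
import random
from collections import Counter

def crowds_path(members, p_forward, rng):
    """Return the proxies a request traverses after leaving the initiator.

    The last element is the proxy that contacts the recipient (the exit).
    """
    path = [rng.choice(members)]          # assumed: initiator always hands off once
    while rng.random() < p_forward:       # local, independent decision at each proxy
        path.append(rng.choice(members))  # forward to a uniformly chosen proxy
    return path                           # loop ended: last proxy becomes the exit

def simulate(n_members=10, p_forward=0.75, trials=20000, seed=1):
    """Run many requests; return (mean path length, exit share per proxy)."""
    rng = random.Random(seed)             # seeded so the run is reproducible
    members = [f"proxy{i}" for i in range(n_members)]  # constructed sample crowd
    exits = Counter()
    total_len = 0
    for _ in range(trials):
        path = crowds_path(members, p_forward, rng)
        exits[path[-1]] += 1
        total_len += len(path)
    exit_share = {m: exits[m] / trials for m in members}
    return total_len / trials, exit_share

if __name__ == "__main__":
    p = 0.75
    mean_len, share = simulate(p_forward=p)
    # Path length is geometric, so its mean is 1 / (1 - p_forward).
    print(f"mean proxies per path: {mean_len:.2f} (theory {1 / (1 - p):.2f})")
    for member, s in sorted(share.items()):
        print(f"{member}: exit for {s:.3f} of requests")
```

Every proxy ends up as the exit for roughly the same share of requests, so there is no small, fixed set of exit nodes for an adversary to monitor or for abuse complaints to concentrate on.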
Hafiz Privacy Patterns
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz