If an ISP was performing deep packet inspection on a server's traffic, would they be able to tell the difference between a hidden service and a relay?
To clarify, I'm talking about a "middle relay" - not a bridge or an exit node.
Asked
Active
Viewed 509 times
2 Answers
1
I assume you are talking about a webserver which an onion service configured and acts as a Tor relay. The Tor relay can do three things:
- takes connections from non-Tor IP addresses and forwards them into the Tor network (guard node)
- take connections from Tor IP addresses and forward them to other Tor IP addresses
- take connections from Tor IP addresses and forward them to non-Tor IP addresses (exit node)
The onion service makes every time a connection to a Tor IP address and sends traffic back and forth. Especially it uses its own guard node to send and receive traffic.
So depending on the specific traffic pattern and setup of the relay I guess from the above knowledge it might be possible for an ISP to distinguish between relay traffic and onion service traffic.
Jens Kubieziel
- 8,630
- 5
- 35
- 116
1
NO, it's impossible for ISP. All they will see/look-at will be just a stream of an encrypted traffic
Alexey Vesnin
- 6,385
- 3
- 15
- 36