Days after researchers described an attack that could reveal the identities of individuals who used bitcoin over the Tor anonymity network, a privacy advocate has developed a tool to monitor the occurrence of that attack.

The tool, TorBan, is a website that gives information about the Tor exit nodes currently connected to the bitcoin network.

If all the connections are fresh, users should be wary of a privacy-invading attack like the one described by the Luxembourg researchers, TorBan's creator Kristov Atlas said, adding:

"If you see a bunch of new nodes never seen before, and all of the ones that have been seen for a long time are no longer seen, that's suspicious."

Atlas said he was inspired to write TorBan by the University of Luxembourg paper, which was written by Ivan Pustogarov and Alex Biryukov, of the university's cryptology research group.

The paper outlined an attack that could unmask a bitcoin user who connected to the digital currency's network using Tor.

Banning Tor networks

The privacy incursion relies on exploiting the bitcoin protocol's built-in protection against denial-of-service (DoS) attacks, which bans clients that it thinks are DoS-ing it. By DoS-ing bitcoin servers from the Tor network, an attacker would cause all Tor exit-nodes to be banned from the bitcoin network.

The attacker can then run their own Tor exit nodes or bitcoin servers, waiting for a victim to connect. Victims are susceptible because they wind up using the attacker's Tor exit-node or her bitcoin server because all legitimate exit-nodes would have been banned by the bitcoin network.

TorBan traces the history of exit-nodes connected to the bitcoin network. If all the nodes are new, it could indicate that a malicious actor has triggered a ban of Tor exit-nodes by bitcoin servers, setting the stage for an attack.

source: http://www.coindesk.com/torban-monitor-bitcoin-over-tor-attacks/