[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Exit node connection statistics

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Exit node connection statistics
From: Dawney Smith <dawneysmith@xxxxxxxxxxxxxx>
Date: Fri, 18 Jul 2008 15:05:53 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 18 Jul 2008 10:06:38 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=dH7CKxMuUm96iA0L0H3Ejzr5PTa0Wozi3ckkAa9hVgA=; b=Wf2ucZgIn1p0P+HPX/EQzCkis7tzhEdpSB2rcYrCLNbUALXqOdN/CJMRBplogvV2iR MdsfgSbubbtOhC/v3gB7+LjK50htL1D8Jsfqb8Zniuk76U4n5dtGJnsY7HUcR0mz6aZN Wq3nr02Zc1iV+resb4JZPbw1nfUWnVZ/4YyuA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=BxlttnOyqPPsSABsCydjvlG8u4Arf8K2HU2aaQMVMmHwHWsDKU0Gjo6gtWPxxX8Pzz C9PWSuZiFJdq487LDg8WsufHaHTnLUO/TwW5fX2uurDSYzopgd1ZRX9OY/WZ9uA+btUq Qi+vjxriIiOMtzuuy+9GpcfHuDDHm9NGdLg5U=
In-reply-to: <549-04850@xxxxxxxxxxxxxx>
Openpgp: id=5D6281F2
References: <549-04850@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Figuring out which exit node you are should be fairly trivial. There are
about 1000 exit nodes that exit on port 80, and you are one of them.

If I just send loads of http requests through half of those exit nodes
to my own server one day and then check if my IP appears on your
webpage, I've halved the number of possible exit nodes you are. If I
then halve it again and repeat this every day, it should only take about
a week and a half. I'll start with a possibility of 1024 exit nodes just
for ease of maths:

Day 1 : Test 512 of the 1024 remaining exit nodes
Day 2 : Test 256 of the  512 remaining exit nodes
Day 3 : Test 128 of the  256 remaining exit nodes
Day 4 : Test  64 of the  128 remaining exit nodes
Day 5 : Test  32 of the   64 remaining exit nodes
Day 6 : Test  16 of the   32 remaining exit nodes
Day 7 : Test   8 of the   16 remaining exit nodes
Day 8 : Test   4 of the    8 remaining exit nodes
Day 9 : Test   2 of the    4 remaining exit nodes
Day 10: Test   1 of the    2 remaining exit nodes - Success

This process becomes quicker if you have more than 1 ip to test with.

I'm making the assumption that it can't be that difficult to send enough
http requests to get to the 100th or above place on your list. You don't
publish total number of connections, only percentage of total, but it
seems likely to me that the number of connections made to the site that
is number 100 on your list should be easy to exceed.

I'm not going to bother of course, because I don't care that much. But
just so you know, don't use that same onion address for anything that
*needs* to be anonymous, because it wont be.

- --
Dawn

mplsfox02@xxxxxxxxxxxxxx wrote:
> Hi,
> 
> I don't know if somebody did this before, but I think it is quite interesting, to which hosts most of the exit connections go to. So I set up a statistics script creating a list of the top 100 hosts each day to which Tor users connect to over my node (only for ports 80 and 443).
> 
> Besides just being interesting, this can also show potential security problems on the top hosts which are being exploited over Tor. For example, during the last weeks rapleaf.com was always at the top, and they keep a huge email-address database. This is probably no incident.
> 
> The log data necessary for this is being deleted after one day not to compromise the anonymity of the users.
> 
> I decided to make this accessible through a hidden service only, since I don't want to influence the exit node usage behaviour. This is the address:
> 
> http://ob44yuhbyysk5xft.onion
> 
> If you think this is a stupid idea or you have ideas for other interesting stats and for any other comment you can reach me by mplsfox02_AT_sneakemail_DOT_com. I don't know how long I will stay subscribed with or-talk, since I just wanted to seed the information. Spread it as you like.
> 
> Regards,
> 
> a Tor exit node operator.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIgKNBcoR2aV1igfIRAs+KAJ94H26Eyc4Dm+nvRdtswIXX3rHTNACeODu8
+SgBlPvn0mX13cyGO62lrQY=
=KdYI
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Exit node connection statistics
  - From: mplsfox02

References:
- Exit node connection statistics
  - From: mplsfox02

Prev by Author: Re: email hidden service
Next by Author: No Tor server exists that allows exit to 127.0.0.1:80. Rejecting.
Previous by thread: Re: Exit node connection statistics
Next by thread: Re: Exit node connection statistics
Index(es):
- Author
- Thread