[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: 25 tbreg relays in directory
On Sun, 28 Jun 2009 20:09:25 +0800 Pei Hanru <peihanru@xxxxxxxxx>
wrote:
>On 2009-04-27 18:27 CST, Scott Bennett wrote:
>> torstatus currently shows 25 different relays that are all named "tbreq"
>> and appear to be in China. I wonder whether these are due to some benighted
>> user restarting tor after clearing its key files every time, or whether there
>> may be several that are all owned by one organization. All but four are
>> marked as being "offline".
>
>I finally got a plausible answer a few days ago.
>
>The short answer is, someone are making use of Tor to do nasty things,
>and all "tbreg"s aren't aware they are running Tor relays.
>
>The long answer.
>
>"tbreg" stands for "TaoBao REGistrar". TaoBao is an eBay-like website in
>China. Some sellers want to quickly increase their reputations
>(so-called refresh) in order to attract more buyers. The first thing for
>them is to register multiple accounts. However, TaoBao is rigorous on
>this, a single IP is only allowed to register one or two accounts. So,
>someone realize this need and begin to sell softwares which
>automatically register large number of TaoBao accounts. Tor, together
>with Privoxy are used as a HTTP proxy to bypass the IP restriction. For
Remarkable.
>some reasons I don't understand, this software will run Tor as a relay.
Perhaps the perverts misunderstood that they were configuring tor in
their package to run as a relay when all they needed for their purpose was
a client.
>
>I've downloaded the software and tested, the version of Tor in it is
>indeed 0.2.1.2-alpha, torrc in it is
Ouch. This provides another example in support of having a way for
the directory authorities to render insecure versions inoperable/unusable
as relays to the rest of the network and only usable as clients to connect
to the tor project's web site to download a current version of tor.
>
> SocksPort 9050 # what port to open for local application connections
> SocksListenAddress 127.0.0.1 # accept connections only from localhost
> ControlPort 9051
> Nickname tbreg
> ORPort 9001
>
>You may test yourself, the download link is
>http://www.wintaobao.com/download/tbreg_v1.3.8.msi (from
>http://bbs.wintaobao.com/viewthread.php?tid=135).
>
>Finally some random thoughts.
>
>1. We shall be reassured for a moment, these relays won't do much harm
>to the Tor network. I'm more concerned about the people running these
>relays, their computers aren't protected at all. But considering the
>things these guys are doing... well, let it go!
Given the possible harms to which the victims may be subject, this
is an argument in favor of having a way for the directory authorities
to assign the Invalid flag to a group of nodes in an automated fashion
based upon some easily recognizable characteristic they share, in this
case, the Nickname. Because the node IDs (key fingerprints), IP addresses,
etc. come and go, it needs to be an automated method, so that the directory
authority operators can tell their nodes to invalidate all nodes with the
common characteristic.
>
>2. Why Tor runs in a relay mode?
>
>3. Should these "tbreg"s be banned from the Tor network? If so, what's
>the best way to do?
>
I've already weighed in on this, so I'll wait to see the (possibly
updated) views of others before making further comments.
Thank you *very* much for all your sleuthing in clearing up this
mystery.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************