[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Exit node stats collection?



I'm well out of my depth here in terms of technical expertise so please
take this question with a huge grain of salt, but the dialogue on this
thread makes me wonder:

Should the probably very slim likelihood that someone may have somehow
spoofed Tor's metrics be considered alongside other hypotheses for
explaining the recent stats?

That seems implausible to me (even as a non-technical person), but is such
a "hypothesis" potentially still in the same ballpark of plausibility as
other explanations put forward here?

Hopefully it's clear I'm not trolling or trying to dismiss others' ideas
or data...just trying to hold up a different (and hopefully still
constructive) yard-stick next to what still seems like considerable
uncertainty in terms of explanations for the set of recent observations
discussed here.


> On 09/05/2013 02:08 AM, Gordon Morehouse wrote:
>
>> mirimir:
>> [snip]
>>> Perhaps these 1.8e+6 (standard stats) to 4.0e+6 (beta stats) new
>>> Tor clients members of a botnet designed, at least in part, to
>>> securely and redundantly host hidden services. The demise of
>>> Freedom Hosting may have stimulated some creative thinking.
>>
>> As Asa mentioned earlier[1], there's no corresponding traffic on
>> social media.  This is something people (like me) would get yelly
>> about on Twitter and such.
>
> I wonder if grarpamp has seen a bunch of new hidden services.
>
>>> Also, if this were a botnet, I would expect it to show up in
>>> honeypots. Wouldn't its bots be easily detected, through searching
>>> for Tor connections? Having the vector might be very informative.
>>
>> Tor connections are easy to find without searching, no?
>
> I'm not sure. They might be more-or-less obfuscated.
>
>> If the botnet's purpose is to damage Tor, it may be less likely to be
>> caught with honey, so to speak.  If this is a feature rollout using
>> Tor for C&C to an existing or rapidly-growing botnet, I'd expect to
>> hear about it soon from security researchers.
>
> That depends. If it's drawing on random clueless Windows users, as most
> botnets do, I don't see why it wouldn't show up in honeypots. If it's
> not showing up, it might be a feature rollout. Or it might not really be
> a physical botnet, but rather something very cleaver that looks like one.
>
>> I have a bad feeling that this is aimed at Tor itself, given other
>> recent developments e.g. in the NSA scandal, plus less recent
>> developments in nationalist "cyberwarfare."  Just a hunch, though.
>
> I'm reminded of the point where the Aleph goes online in _Mona Lisa
> Overdrive_ ;)
>
>> [1]
>> https://lists.torproject.org/pipermail/tor-talk/2013-September/029841.html
>>
>> Best,
>> -Gordon M.
>>
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk