
Re: [tor-relays] The 9001-9051-v0.2.8.9 Gang: 57 relays and counting...



On 28 Feb (02:09:00), nusenu wrote:
> 
> 
> Donncha O'Cearbhaill:
> > nusenu:
> >> This group is still growing.
> >>
> >> Note that the following table is _not_ sorted by FP.
> >>
> >> The FP links these relays even across ISP, and given the FP column
> >> pattern it might be obvious what they are after.
> >>
> >> They do not have the hsdir flag yet.
> >>
> >> https://raw.githubusercontent.com/nusenu/tor-network-observations/master/2017-02-24_9001-9051-v0.2.8.9.txt
> >>
> > 
> > Nusenu, thank you for reporting these relays. They are now in the process
> > of being removed from the network.
> 
> Thanks for letting us know.
> 
> It would be nice if you could share:

Hello!

I'll try to help out as much as I can here.

> - if you reached out to the operator (via abuse contacts)

We do that if a valid contact address is present. In this case, we had only
one I believe and still no response. Email was sent yesterday ~afternoon EST.

> - removal reason

Proximity of fingerprint indicates a clear attempt at insertion in the
hashring for an (some) onion address. We are *always* better safe than sorry
with bad relays so even without a 100% confirmation, we go ahead.

> - what was removed

That, we don't disclose, for the obvious reason that if the attackers can see
what we removed and when, it makes it easier for them to just adapt in time.
Only subscribers to bad-relays@ can know this.

However, those reject/badexit entries at the directory authority level expire
after a time period and when they do, they become public here in this DocTor
script that monitors any relay that we've expired, and they will be there for
a 6-month period:

https://gitweb.torproject.org/doctor.git/tree/data/tracked_relays.cfg

After those 6 months, you can find commits like this one that remove a bunch
of them:

https://gitweb.torproject.org/doctor.git/commit/data?id=f89e3dca452a0d776eed5d32136f8a474f892cac

> - method (by FP, IP, IP-range, ...)

We always reject both FP and IP. Sometimes, it can be a full network range.
Depends on the attack.

> - how long they will be blacklisted

The standard time period is 90 days *but* it's still a human that does that so
it goes beyond that time period sometimes. For *HUGE* network blocks though, we
are more careful about not extending the reject time too much.

> - time of removal

We don't disclose that for now. Only subscribers to bad-relays@ can know this.

There have been *MANY* discussions about having this reject list public and
everything in the open. I believe there wasn't full agreement in the end but
for now it went towards keeping it closed.

Thanks!
David

> 
> thanks,
> nusenu
> 




> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-- 
F7k4dGBiwJmiegoPb+2QbzdAVSSAfb5AitHDxdxsEV8=
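
The fingerprint-proximity signal given above as the removal reason can be checked mechanically by looking for relays packed into an arc of the ring far smaller than chance allows. This is an added example, not part of the original message and not Tor Project or DocTor code; the `factor` and `min_size` thresholds and all sample fingerprints are assumptions constructed for illustration.

```python
"""Flag relays whose identity fingerprints sit improbably close on the 160-bit ring."""
import hashlib

RING = 1 << 160  # relay fingerprints are 160-bit (SHA-1) values


def find_clusters(fingerprints, factor=1000, min_size=3):
    """Return runs of >= min_size fingerprints in which every neighbour gap is
    at least `factor` times smaller than the mean gap for this population.
    `factor` and `min_size` are illustrative assumptions, not Tor's criteria."""
    points = sorted((int(fp, 16), fp) for fp in {f.upper() for f in fingerprints})
    if len(points) < min_size:
        return []
    threshold = RING // (len(points) * factor)
    clusters, current = [], [points[0][1]]
    for (prev, _), (pos, fp) in zip(points, points[1:]):
        if pos - prev <= threshold:
            current.append(fp)          # still inside the same tight run
        else:
            clusters.append(current)    # gap looks normal: close the run
            current = [fp]
    clusters.append(current)
    # The ring wraps around: join the last run to the first if they touch.
    wrap_gap = points[0][0] + RING - points[-1][0]
    if len(clusters) > 1 and wrap_gap <= threshold:
        clusters[0] = clusters.pop() + clusters[0]
    return [c for c in clusters if len(c) >= min_size]


def constructed_sample():
    """Constructed data: 200 pseudo-random fingerprints plus 4 planted close together."""
    background = [hashlib.sha1(b"relay-%d" % i).hexdigest() for i in range(200)]
    base = int("A1B2C3D4E5" + "0" * 30, 16)
    planted = ["%040X" % (base + i * 12345) for i in range(4)]
    return background + planted, planted


if __name__ == "__main__":
    fps, _ = constructed_sample()
    for cluster in find_clusters(fps):
        print(len(cluster), "relays within a tiny arc of the ring:")
        for fp in cluster:
            print("  ", fp)
```

A flagged run is a lead for human review, since a shared operator, ISP, port and version pattern (as in the reported table) is what turns a statistical oddity into a removal decision.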
