[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Exit relay operators please help test #2667 branch

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Exit relay operators please help test #2667 branch
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Fri, 29 Jan 2021 00:34:28 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Jan 2021 18:34:57 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1611876875; bh=xD4rZMJni2eK61I2AtrDhQ7XttYTWOp0SCRW+D7hXjY=; h=To:References:From:Subject:Date:In-Reply-To:From; b=oC0gc0VbCZbpETdHt6eh9fmqZ4P+Qm+wYDUyWsh0iSXvhrwDEiN/evgx244P/fupm 79JWMSBkj/qwyGm2s2bjZEAkMDAbNwoj8TEwA+75DPCxP5udwRTWtzVoVrkxYpau4A GNBOg4mBLubGd79boF9qRrA3WIU3s0SZFE0P5Xx0=
In-reply-to: <20210128064026.GH821@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20210128064026.GH821@moria.seul.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Unless you already ruled out that hypothesis by looking at the attack
distribution by source IP:

If dir auths (some or all) are willing to share (privately or publicly) the distribution of
attack load (frequency, bandwidth, ...) by exit source IP in total or relative values
I can correlate this data to strengthen a hypothesis that malicious/suspicious
exits are involved to a greater extend than well-known long term exits.
That could mean that they are not (exclusively) attacking via but _from_ servers that also happen to
run tor exits. 


From another angle this is an interesting precedence
because the tor project uses it's access to protect dir auths
from exit relays. Why is that interesting? Because no one else
that gets attacked via exit relays has that "luxury" to "filter"
it at the "source" (exits).


-- 
https://nusenu.github.io
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Exit relay operators please help test #2667 branch
  - From: Roger Dingledine

References:
- [tor-relays] Exit relay operators please help test #2667 branch
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] OrNetStats: Operator Level Graphs added
Next by Author: Re: [tor-relays] Exit relay operators please help test #2667 branch
Previous by thread: Re: [tor-relays] Exit relay operators please help test #2667 branch
Next by thread: Re: [tor-relays] Exit relay operators please help test #2667 branch
Index(es):
- Author
- Thread