[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Malicious Tor relays - post-analysis after two months



> Me and several tor relay operator friends have questions about
> Malicious Tor exit nodes. How do you define a node as malicious ?

In the particular case (at least the initial detection): Traffic manipulation at the exit relays.

> How bad is the situation now ? 

This group [1] is still rather active and at this point they run a 3 digit number
of relays, but it is not the only malicious group that is active on the Tor network and
might not even be the group I worry about the most.

[1] https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac

> Is there any other risk than ssl
> striping ? 

I think so, yes. 
The good thing about ssl-stripping attacks is, that it is easy
to protect against and easy to detect (if you are aware). The catch is that 
most users are probably not aware.
So when compared with all other types of attacks that malicious relays can perform,
ssl-stripping is probably not the biggest worry.

> After the long
> discussion on the tor relay mailing list, what will be implemented as
> a solution ? 

As far as I can see, nothing will change/be implemented in the near future
at the Torproject or Tor directory authority level. 

for Roger's (long term) plan see:
https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
linked from
https://blog.torproject.org/bad-exit-relays-may-june-2020


> * is there / will there be things 
> implemented as a conclusion of the "call for support for proposal to 
> limit large scale attacks" ?

Nothing came out of that thread.

> * has it been possible to prepare / set 
> up precautions to avoid this king of situation 

I don't think anything has been implemented to prevent or reduce the risk of this from reoccurring.


kind regards,
nusenu


-- 
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays