[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] The Tor flood

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] The Tor flood
From: Andy Isaacson <adi@xxxxxxxxxxxxx>
Date: Fri, 6 Sep 2013 17:48:07 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 Sep 2013 20:48:19 -0400
In-reply-to: <CADYgSbnJ906vF4qnesu1+EdM1TaAi3mWvK6s6-erfqbL5J=CAw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CADYgSbnJ906vF4qnesu1+EdM1TaAi3mWvK6s6-erfqbL5J=CAw@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Sep 06, 2013 at 12:42:28PM -0700, David Carlson wrote:
> I think that it may be somewhat ego-centric to accept the argument that
> this apparent flood is actually directed at the Tor network.  It may be
> that the real goal is to find efficient weapons to attack the Internet as a
> whole, or major segments of it.  It may be measuring the response time of
> the Tor network as well as that of various defenders who are trying to
> disarm bot-nets.

That theory seems even more egocentric than the most likely scenario.

The traffic pattern is consistent with a botnet simply using a
<foo>.onion for their regular HTTP C&C channel, without keepalives.
Each GET results in a new hidden service rendezvous circuit.  Slow as
heck but the botnet doesn't care, and absurdly inefficient but ibid.

I'm attributing to ignorance that which does not need malice to explain.
:)

-andy
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] The Tor flood
  - From: David Carlson

Prev by Author: Re: [tor-relays] Upgrade your relay to 0.2.4.17-rc?
Next by Author: Re: [tor-relays] [ARM] Connecting to another host's control port with ARM: Connection refused.
Previous by thread: [tor-relays] The Tor flood
Next by thread: [tor-relays] Raspberry Pi / Raspbian tor 0.2.4.17-rc binary .deb packages
Index(es):
- Author
- Thread