
Re: [tor-relays] Bots, love 'em or hate 'em?



On Wed, Aug 19, 2015 at 11:11:59AM -0400, starlight.2015q3@xxxxxxxxxxx wrote:
> So I'm left thinking that 95% or more of the
> bandwidth consumption and client count is from
> crusty old botnet bots running ancient versions
> of the Tor daemon.

Client count (for non-guards), yes I think that's a fair guess. Bandwidth
consumption, I don't think so. Last I heard, the main set of bots running
old Tor versions were basically idle -- they try to phone home to their
onion service command-and-control center periodically, but they aren't
being used by it.

That is, the botnet operator added Tor clients to some of his infected
click fraud computers because it seemed like a good idea at the time,
but then later he decided that it wasn't a worthwhile idea.

It still adds a lot of numbers to client counts, since we estimate number
of clients by how many directory fetches happen. And it still adds a lot
of circuits, since a million or however many bots making onion service
connections periodically will soak up a lot of circuits. But I think
they use a very small amount of bandwidth each.

This ties into another fine question: how do we communicate to the next
jerk in the Ukraine that the previous one actually decided it wasn't
worth doing? I can easily imagine some new botnet operator deciding that
it's way cool so of course he should do it too. Maybe they share notes
in their underground forums. I'm not sure.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays