Re: 25 tbreg relays in directory

On Mon, Apr 27, 2009 at 05:27:38AM -0500, Scott Bennett wrote:
>      torstatus currently shows 25 different relays that are all named "tbreg"
> and appear to be in China.  I wonder whether these are due to some benighted
> user restarting tor after clearing its key files every time, or whether there
> may be several that are all owned by one organization.  All but four are
> marked as being "offline".

Interesting question.

moria1 currently has 368 descriptors from relays with the nickname
"tbreg", with 272 unique IP addresses. moria1 is voting about 67 distinct
tbreg relays, and it believes 15 of them are Running.

The other interesting feature is that they all say

platform Tor (r15383) on Windows XP Service Pack 2 [workstation] { terminal services, single user}

But the identity keys are generally different.

So it looks to me like somebody created a "ready-made" Tor relay image,
and has a lot of people running it. The only reason we're noticing at
all is because their relay image sets the nickname to tbreg.

Now, is this because of a massive Chinese conspiracy to flood the Tor
network with a block of centrally controlled Windows relays, or is it a
whole lot of excited Tor users in China who really want to help out but
don't realize that they're using an insecure and old version of Tor? You
decide. :)
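
The tally described in this message (descriptors, unique IP addresses, distinct identity keys and platform strings per nickname), as an added example that is not part of the original message or of Tor's own code. The sample descriptors are constructed, and `summarize`, `clone_suspects` and the `min_keys` threshold are hypothetical names chosen for this sketch.

```python
import re
from collections import defaultdict

# Platform string as quoted in the message above.
PLATFORM = ("Tor (r15383) on Windows XP Service Pack 2 [workstation] "
            "{ terminal services, single user}")

def _desc(nick, ip, byte, platform=PLATFORM):
    """Build one constructed descriptor excerpt (not real directory data)."""
    fp = " ".join([byte * 2] * 10)          # 40 hex digits in groups of four
    return (f"router {nick} {ip} 9001 0 9030\n"
            f"platform {platform}\nopt fingerprint {fp}\n")

# Constructed sample: documentation-range IPs, made-up fingerprints.
SAMPLE = "".join([
    _desc("tbreg", "192.0.2.10", "A1"),
    _desc("tbreg", "192.0.2.10", "A1"),      # same relay republishing
    _desc("tbreg", "198.51.100.7", "B2"),
    _desc("tbreg", "203.0.113.5", "C3"),
    _desc("tbreg", "203.0.113.9", "C3"),     # same key, new IP address
    _desc("other", "192.0.2.77", "D4", "Tor (r00000) on Linux"),  # constructed
])

ROUTER = re.compile(r"router (\S+) (\S+) \d+ \d+ \d+$")
FPRINT = re.compile(r"(?:opt )?fingerprint ((?:[0-9A-F]{4} ?){10})$")

def summarize(text):
    """Per nickname: descriptor count, unique IPs, identity keys, platforms."""
    stats = defaultdict(lambda: {"descriptors": 0, "ips": set(),
                                 "keys": set(), "platforms": set()})
    cur = None
    for line in text.splitlines():
        if m := ROUTER.match(line):
            cur = stats[m.group(1)]
            cur["descriptors"] += 1
            cur["ips"].add(m.group(2))
        elif cur is None:
            continue                         # skip lines before first router
        elif line.startswith("platform "):
            cur["platforms"].add(line[len("platform "):])
        elif m := FPRINT.match(line):
            cur["keys"].add(m.group(1).replace(" ", ""))
    return dict(stats)

def clone_suspects(stats, min_keys=3):
    """Nicknames shared by many identity keys that all report one platform."""
    return sorted(n for n, s in stats.items()
                  if len(s["keys"]) >= min_keys and len(s["platforms"]) == 1)
```

Counting identity keys rather than descriptors or IP addresses is what separates one relay that republishes or changes address from many separate installs of the same image.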