Suspicious Circuits
- To: <or-talk@xxxxxxxxxxxxx>
- Subject: Suspicious Circuits
- From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>
- Date: Sun, 9 Dec 2007 21:19:53 -0800
- Delivery-date: Mon, 10 Dec 2007 00:20:18 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx

I've been having problems getting to hidden services the last couple of
days.

I noticed something odd in Vidalia the other day, but it was gone before I
could take a screenshot.

However, this evening, I was having a lot of problems with .onion addresses,
and Vidalia was showing several (more than 6) nodes in a circuit almost
every time I tried to reach any hidden service, including my own.

Here are some cropped screenshots of the circuits as shown in Vidalia.
http://www.janusvm.com/pub/bad-1.jpg
http://www.janusvm.com/pub/bad-2.jpg
http://www.janusvm.com/pub/bad-3.jpg
http://www.janusvm.com/pub/bad-4.jpg
http://www.janusvm.com/pub/bad-5.jpg
http://www.janusvm.com/pub/bad-6.jpg <--- VERY INTERESTING

These circuits have more than 3 nodes and, as shown in the picture, have the
same node more than once in the circuit. Correct me if I'm wrong, but I
thought circuits are not allowed to have the same node more than once.

I noticed three nodes in a set, and three different sets acting this way.
=========================================================================
$443BAA7BE006A904179DD35013F788F1DDD275E5 - askatasuna 216.195.133.27
$847B1F850344D7876491A54892F904934E4EB85D - tor26 86.59.21.38
$99BDCC9E80D4E77E2357B77142E4023CE0D12B5A - Qba20070825pl 195.34.208.22
=========================================================================
$CCD030D151A5BAC14D49C77386EC33FF99EAE580 - paperoga 213.203.146.95
$B2CF35C7DF36E7FFC60CCC67D3189FE09E1E4E4A - univac 217.230.243.147
$08101AD124C3B10E2F1F18DF2B51F4901E385170 - SEC 192.42.113.248
=========================================================================
$376FF360B98C07F84E90D3A26831223440C11062 - chaoscitytor 85.25.52.40
$A0DD5DC19A0ED1692EB6663684D04A2ABD3D491B - shadow 24.29.193.226
$3AD690A220A316B08FBFBACF8757C92DA0033B57 - mushin 18.152.2.242
=========================================================================
What I found even more disturbing, 'tor26' (bad-6.jpg) seemed to be
participating in whatever was going on. Isn't this a DA!?
So does anyone have a clue as to what is going on? Is this an attack on
hidden services??

I added the following line to my torrc configs and everything seems to work
well now.

ExcludeNodes $443BAA7BE006A904179DD35013F788F1DDD275E5,$847B1F850344D7876491A54892F904934E4EB85D,$99BDCC9E80D4E77E2357B77142E4023CE0D12B5A,$3AD690A220A316B08FBFBACF8757C92DA0033B57,$B2CF35C7DF36E7FFC60CCC67D3189FE09E1E4E4A,$08101AD124C3B10E2F1F18DF2B51F4901E385170,$376FF360B98C07F84E90D3A26831223440C11062,$A0DD5DC19A0ED1692EB6663684D04A2ABD3D491B,$CCD030D151A5BAC14D49C77386EC33FF99EAE580

- Kyle
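
Added example, not part of the original message: a check for the two conditions described above (a circuit longer than expected, or the same relay fingerprint appearing more than once in one path), run over text in the long-name path form ($fingerprint~nickname) of Tor's control-port circuit-status output. The sample lines are constructed (circuit ids, hop order and PURPOSE values are made up; only the fingerprints and nicknames come from the message), and the default threshold of 3 hops is an assumption taken from the message's wording.

```python
import re
from collections import Counter

HOP = re.compile(r"^\$([0-9A-Fa-f]{40})(?:[=~](\w+))?$")

# Relays from the first and second sets listed in the message.
A = "$443BAA7BE006A904179DD35013F788F1DDD275E5~askatasuna"
T = "$847B1F850344D7876491A54892F904934E4EB85D~tor26"
Q = "$99BDCC9E80D4E77E2357B77142E4023CE0D12B5A~Qba20070825pl"
P = "$CCD030D151A5BAC14D49C77386EC33FF99EAE580~paperoga"
U = "$B2CF35C7DF36E7FFC60CCC67D3189FE09E1E4E4A~univac"
S = "$08101AD124C3B10E2F1F18DF2B51F4901E385170~SEC"

# Constructed circuit-status lines: ids, hop order and PURPOSE values are made up.
SAMPLE = "\n".join([
    f"12 BUILT {P},{U},{S} PURPOSE=GENERAL",
    f"13 BUILT {A},{T},{Q},{A},{T},{Q},{A} PURPOSE=HS_CLIENT_REND",
    "14 LAUNCHED PURPOSE=GENERAL",
])

def audit(status_text, max_hops=3):
    """Return circuits that exceed max_hops or list a relay more than once."""
    findings = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[2].startswith("$"):
            continue  # no path yet (e.g. LAUNCHED) or not a circuit line
        hops = []
        for hop in parts[2].split(","):
            m = HOP.match(hop)
            if m:
                hops.append((m.group(1).upper(), m.group(2) or "?"))
        counts = Counter(fp for fp, _ in hops)
        repeated = sorted({nick for fp, nick in hops if counts[fp] > 1})
        if len(hops) > max_hops or repeated:
            findings.append({"id": parts[0], "hops": len(hops), "repeated": repeated})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```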