
Re: [tor-talk] Large spike in .onion addresses - port scan?

On Sat, Feb 20, 2016 at 02:28:37AM -0600, CANNON NATHANIEL CIOTA wrote:
> With the large sudden spike in hidden services addresses, any way to
> view what the newly registered .onion addresses are or at least a
> list of hidden services during the suspected time frame?

No, there is no easy way to do this. That's because there is no central
repository of onion addresses. There are services like Ahmia that try to
enumerate what they can, by looking at various sources like the content
on a set of known onion sites. But that only lets you learn about sites
that wanted to let you find out about them.

This is actually a really complicated topic, because there are a wide
variety of ways of learning about onion addresses, each of which has
its own ethical questions around how invasive you have to be. For
example, you can get them by Googling for .onion addresses (probably
fine), or by being Verizon or Comcast and spying on the people who
use your DNS servers (not so fine), or by running Tor relays and spying
on the hidden service descriptors that people upload (not fine).

This complexity is why I picked this topic to illustrate the "guidelines
for doing your Tor research safely" part of our 32c3 talk: see the part
a bit after the 29 minute mark of

> If so I would love a copy of the list so I can do a fingerprinting
> and port scan on the .onion addresses to try to determine purpose.

In fact, there appear to be some for-profit startups who are trying
to make money from doing exactly this (and then scaring companies with
"dark web" fud and selling the onion lists to the scared companies).

The long-term answer is some architecture improvements so there are
fewer points in the protocol where attackers can collect things that
users meant to keep private:
(see the "Attacks by Hidden Service Directory Servers" section)

