[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Exit node connection statistics
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Exit node connection statistics
- From: Dawney Smith <dawneysmith@xxxxxxxxxxxxxx>
- Date: Fri, 18 Jul 2008 15:05:53 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 18 Jul 2008 10:06:38 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=dH7CKxMuUm96iA0L0H3Ejzr5PTa0Wozi3ckkAa9hVgA=; b=Wf2ucZgIn1p0P+HPX/EQzCkis7tzhEdpSB2rcYrCLNbUALXqOdN/CJMRBplogvV2iR MdsfgSbubbtOhC/v3gB7+LjK50htL1D8Jsfqb8Zniuk76U4n5dtGJnsY7HUcR0mz6aZN Wq3nr02Zc1iV+resb4JZPbw1nfUWnVZ/4YyuA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=BxlttnOyqPPsSABsCydjvlG8u4Arf8K2HU2aaQMVMmHwHWsDKU0Gjo6gtWPxxX8Pzz C9PWSuZiFJdq487LDg8WsufHaHTnLUO/TwW5fX2uurDSYzopgd1ZRX9OY/WZ9uA+btUq Qi+vjxriIiOMtzuuy+9GpcfHuDDHm9NGdLg5U=
- In-reply-to: <549-04850@xxxxxxxxxxxxxx>
- Openpgp: id=5D6281F2
- References: <549-04850@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 184.108.40.206 (X11/20080505)
-----BEGIN PGP SIGNED MESSAGE-----
Figuring out which exit node you are should be fairly trivial. There are
about 1000 exit nodes that exit on port 80, and you are one of them.
If I just send loads of http requests through half of those exit nodes
to my own server one day and then check if my IP appears on your
webpage, I've halved the number of possible exit nodes you are. If I
then halve it again and repeat this every day, it should only take about
a week and a half. I'll start with a possibility of 1024 exit nodes just
for ease of maths:
Day 1 : Test 512 of the 1024 remaining exit nodes
Day 2 : Test 256 of the 512 remaining exit nodes
Day 3 : Test 128 of the 256 remaining exit nodes
Day 4 : Test 64 of the 128 remaining exit nodes
Day 5 : Test 32 of the 64 remaining exit nodes
Day 6 : Test 16 of the 32 remaining exit nodes
Day 7 : Test 8 of the 16 remaining exit nodes
Day 8 : Test 4 of the 8 remaining exit nodes
Day 9 : Test 2 of the 4 remaining exit nodes
Day 10: Test 1 of the 2 remaining exit nodes - Success
This process becomes quicker if you have more than 1 ip to test with.
I'm making the assumption that it can't be that difficult to send enough
http requests to get to the 100th or above place on your list. You don't
publish total number of connections, only percentage of total, but it
seems likely to me that the number of connections made to the site that
is number 100 on your list should be easy to exceed.
I'm not going to bother of course, because I don't care that much. But
just so you know, don't use that same onion address for anything that
*needs* to be anonymous, because it wont be.
> I don't know if somebody did this before, but I think it is quite interesting, to which hosts most of the exit connections go to. So I set up a statistics script creating a list of the top 100 hosts each day to which Tor users connect to over my node (only for ports 80 and 443).
> Besides just being interesting, this can also show potential security problems on the top hosts which are being exploited over Tor. For example, during the last weeks rapleaf.com was always at the top, and they keep a huge email-address database. This is probably no incident.
> The log data necessary for this is being deleted after one day not to compromise the anonymity of the users.
> I decided to make this accessible through a hidden service only, since I don't want to influence the exit node usage behaviour. This is the address:
> If you think this is a stupid idea or you have ideas for other interesting stats and for any other comment you can reach me by mplsfox02_AT_sneakemail_DOT_com. I don't know how long I will stay subscribed with or-talk, since I just wanted to seed the information. Spread it as you like.
> a Tor exit node operator.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----