[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Exit node connection statistics

Hash: SHA1

Figuring out which exit node you are should be fairly trivial. There are
about 1000 exit nodes that exit on port 80, and you are one of them.

If I just send loads of http requests through half of those exit nodes
to my own server one day and then check if my IP appears on your
webpage, I've halved the number of possible exit nodes you are. If I
then halve it again and repeat this every day, it should only take about
a week and a half. I'll start with a possibility of 1024 exit nodes just
for ease of maths:

Day 1 : Test 512 of the 1024 remaining exit nodes
Day 2 : Test 256 of the  512 remaining exit nodes
Day 3 : Test 128 of the  256 remaining exit nodes
Day 4 : Test  64 of the  128 remaining exit nodes
Day 5 : Test  32 of the   64 remaining exit nodes
Day 6 : Test  16 of the   32 remaining exit nodes
Day 7 : Test   8 of the   16 remaining exit nodes
Day 8 : Test   4 of the    8 remaining exit nodes
Day 9 : Test   2 of the    4 remaining exit nodes
Day 10: Test   1 of the    2 remaining exit nodes - Success

This process becomes quicker if you have more than 1 ip to test with.

I'm making the assumption that it can't be that difficult to send enough
http requests to get to the 100th or above place on your list. You don't
publish total number of connections, only percentage of total, but it
seems likely to me that the number of connections made to the site that
is number 100 on your list should be easy to exceed.

I'm not going to bother of course, because I don't care that much. But
just so you know, don't use that same onion address for anything that
*needs* to be anonymous, because it wont be.

- --

mplsfox02@xxxxxxxxxxxxxx wrote:
> Hi,
> I don't know if somebody did this before, but I think it is quite interesting, to which hosts most of the exit connections go to. So I set up a statistics script creating a list of the top 100 hosts each day to which Tor users connect to over my node (only for ports 80 and 443).
> Besides just being interesting, this can also show potential security problems on the top hosts which are being exploited over Tor. For example, during the last weeks rapleaf.com was always at the top, and they keep a huge email-address database. This is probably no incident.
> The log data necessary for this is being deleted after one day not to compromise the anonymity of the users.
> I decided to make this accessible through a hidden service only, since I don't want to influence the exit node usage behaviour. This is the address:
> http://ob44yuhbyysk5xft.onion
> If you think this is a stupid idea or you have ideas for other interesting stats and for any other comment you can reach me by mplsfox02_AT_sneakemail_DOT_com. I don't know how long I will stay subscribed with or-talk, since I just wanted to seed the information. Spread it as you like.
> Regards,
> a Tor exit node operator.

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org