[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] detecting harmful relays

On 15 May 2011 22:57, Roger Dingledine <arma@xxxxxxx> wrote:
> On Sun, May 15, 2011 at 10:48:00PM +0200, tagnaq wrote:
>> "Not reporting version is actively harmful" [1]
>> [1] https://trac.torproject.org/projects/tor/ticket/2980
> Well, it's harmful in two ways. First is that clients will mistakenly
> ask for service from relays that don't know how to provide it, or that
> provide it in a buggy fashion. You can look through Tor's code for calls
> to tor_version_as_new_as() to see examples. Second is that the developers,
> when trying to debug something, will get misled.
>> - Is it possible to detect if someone is harming the Tor network in this
>> way?
> You could in theory scan for wrong versions, e.g. by doing requests to a
> relay and seeing how it answers. If there's no interaction that allows
> us to distinguish between a relay that has a working feature and one
> that doesn't, then is it really a bug? :)
> As for relays that don't report *any* version... I think there are
> basically none of those.
>> - Are you already running such scanners or is there the Exit Scanner only?
> We haven't needed to explore this issue much because most relays seem
> to be running the code we wrote. I think it falls into the "don't think
> about it too much until it happens, since whatever you prepared for
> isn't going to be the thing that actually goes wrong" category.
> --Roger
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

A few weeks ago, there was one that tried to give me a .bin file
whenever I tried to visit a non-SSL website, but I haven't had a
problem like that since. I always rejected the .bin file.
tor-talk mailing list