Hi,

thanks for the pointer.

> This was interesting - not sure if I've missed discussion of it
> here, but I didn't find anything with a quick search.
>
> https://chloe.re/2015/06/20/a-month-with-badonions/
>
> Tl:dr; the author set up a very basic honeypot to detect
> potentially abusive guard and exit nodes, and found some. (Quelle
> surprise!)
>
> The claim that they reported the naughty guard nodes to Tor but
> have not seen any remediation is something which might merit a
> response, if nothing else.

The set of "15 fingerprints" contains only 7 unique fingerprints.
4 are currently (2015-06-26 08:00:00 UTC) running and don't have the
badexit flag.
3 of them signed up on 2014-04-09 but have a consensus weight < 5.

Fastest relay is 'AviatoChortler':
https://atlas.torproject.org/#details/5C83EF015106B21132BC602639FAF8D693330A7C
which signed up 2015-05-21 and has an advertised bw of 31MB/s.

Relay nicknamed 'Hackosaurusrex' appeared already previously (although
with different fingerprint):
https://lists.torproject.org/pipermail/tor-talk/2015-June/038061.html

Overview table (includes reported relays that were running in the last 7
days only):
https://raw.githubusercontent.com/nusenu/tor-network-observations/master/2015-06-20_badexits_reported_by_chloe.txt

Generally speaking I don't worry too much about sniffing relays (or
upstreams), that problem is not specific to tor but I agree that it is
probably easier to sniff tor traffic than non-tor traffic for a
low-budget attacker.
(I worry more about big groups of hidden families.)

@chloe: thanks for reporting them, a timeline would be appreciated and
an info to tor-talk (after you reported them to bad-relays)

@phw: did the dir authorities blacklist
09A880567B0839B4085C2EC14002DE34AAFE8548
or did it disappear on its own? (downtime 4 days)

thanks
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk