Re: [tor-talk] A month with BADONIONS


thanks for the pointer.

> This was interesting - not sure if I've missed discussion of it
> here, but I didn't find anything with a quick search.
> https://chloe.re/2015/06/20/a-month-with-badonions/
> Tl:dr; the author set up a very basic honeypot to detect
> potentially abusive guard and exit nodes, and found some. (Quelle
> surprise!)
> The claim that they reported the naughty guard nodes to Tor but
> have not seen any remediation is something which might merit a
> response, if nothing else.

The set of "15 fingerprints" contains only 7 unique fingerprints.

4 are currently (2015-06-26 08:00:00 UTC) running and don't have the
badexit flag.
3 of them signed up on 2014-04-09 but have a consensus weight < 5.

Fastest relay is 'AviatoChortler':

which signed up 2015-05-21 and has an advertised bw of 31MB/s.

Relay nicknamed 'Hackosaurusrex' appeared already previously (although
with different fingerprint):

overview table (includes reported relays that were running in the last
7 days only):

Generally speaking I don't worry too much about sniffing relays (or
upstreams), that problem is not specific to tor but I agree that it is
probably easier to sniff tor traffic than non-tor traffic for a
low-budget attacker. (I worry more about big groups of hidden families.)

@chloe: thanks for reporting them, a timeline would be appreciated and
an info to tor-talk (after you reported them to bad-relays)

@phw: did the dir authorities blacklist
09A880567B0839B4085C2EC14002DE34AAFE8548 or did it disappear on its
own? (downtime 4 days)


