Re: [tor-talk] Exit node stats collection?

On 09/05/2013 02:08 AM, Gordon Morehouse wrote:

> mirimir:
> [snip]
>> Perhaps these 1.8e+6 (standard stats) to 4.0e+6 (beta stats) new
>> Tor clients are members of a botnet designed, at least in part, to
>> securely and redundantly host hidden services. The demise of
>> Freedom Hosting may have stimulated some creative thinking.
> As Asa mentioned earlier[1], there's no corresponding traffic on
> social media.  This is something people (like me) would get yelly
> about on Twitter and such.

I wonder if grarpamp has seen a bunch of new hidden services.

>> Also, if this were a botnet, I would expect it to show up in
>> honeypots. Wouldn't its bots be easily detected, through searching
>> for Tor connections? Having the vector might be very informative.
> Tor connections are easy to find without searching, no?

I'm not sure. They might be more-or-less obfuscated.

> If the botnet's purpose is to damage Tor, it may be less likely to be
> caught with honey, so to speak.  If this is a feature rollout using
> Tor for C&C to an existing or rapidly-growing botnet, I'd expect to
> hear about it soon from security researchers.

That depends. If it's drawing on random clueless Windows users, as most
botnets do, I don't see why it wouldn't show up in honeypots. If it's
not showing up, it might be a feature rollout. Or it might not really be
a physical botnet, but rather something very clever that looks like one.

> I have a bad feeling that this is aimed at Tor itself, given other
> recent developments e.g. in the NSA scandal, plus less recent
> developments in nationalist "cyberwarfare."  Just a hunch, though.

I'm reminded of the point where the Aleph goes online in _Mona Lisa
Overdrive_ ;)

> [1]
> https://lists.torproject.org/pipermail/tor-talk/2013-September/029841.html
> Best,
> -Gordon M.

