[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Exit node stats collection?
On 09/05/2013 02:08 AM, Gordon Morehouse wrote:
>> Perhaps these 1.8e+6 (standard stats) to 4.0e+6 (beta stats) new
>> Tor clients members of a botnet designed, at least in part, to
>> securely and redundantly host hidden services. The demise of
>> Freedom Hosting may have stimulated some creative thinking.
> As Asa mentioned earlier, there's no corresponding traffic on
> social media. This is something people (like me) would get yelly
> about on Twitter and such.
I wonder if grarpamp has seen a bunch of new hidden services.
>> Also, if this were a botnet, I would expect it to show up in
>> honeypots. Wouldn't its bots be easily detected, through searching
>> for Tor connections? Having the vector might be very informative.
> Tor connections are easy to find without searching, no?
I'm not sure. They might be more-or-less obfuscated.
> If the botnet's purpose is to damage Tor, it may be less likely to be
> caught with honey, so to speak. If this is a feature rollout using
> Tor for C&C to an existing or rapidly-growing botnet, I'd expect to
> hear about it soon from security researchers.
That depends. If it's drawing on random clueless Windows users, as most
botnets do, I don't see why it wouldn't show up in honeypots. If it's
not showing up, it might be a feature rollout. Or it might not really be
a physical botnet, but rather something very cleaver that looks like one.
> I have a bad feeling that this is aimed at Tor itself, given other
> recent developments e.g. in the NSA scandal, plus less recent
> developments in nationalist "cyberwarfare." Just a hunch, though.
I'm reminded of the point where the Aleph goes online in _Mona Lisa
> -Gordon M.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to