[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Exit node stats collection?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Exit node stats collection?
From: mirimir <mirimir@xxxxxxxxxx>
Date: Thu, 05 Sep 2013 02:50:56 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Sep 2013 22:56:36 -0400
In-reply-to: <5227E790.9070106@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20130904003431.1ae14e42@natsu> <522641CD.9020702@xxxxxxxxxx> <b9acdb87-29c1-4978-a955-8ea7a828702f@xxxxxxxxxxxxxxxxx> <52264C26.9010206@xxxxxxxxxxxxxx> <522650F2.4030308@xxxxxxxxxx> <5226572F.40408@xxxxxxxxxxxxxx> <52265D6C.3050709@xxxxxxxxxx> <52276A7B.70302@xxxxxxxxxxxx> <52276EE3.9090301@xxxxxxxxxxxxxx> <52279481.2010805@xxxxxxxxxx> <5227E790.9070106@xxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8

On 09/05/2013 02:08 AM, Gordon Morehouse wrote:

> mirimir:
> [snip]
>> Perhaps these 1.8e+6 (standard stats) to 4.0e+6 (beta stats) new
>> Tor clients members of a botnet designed, at least in part, to
>> securely and redundantly host hidden services. The demise of
>> Freedom Hosting may have stimulated some creative thinking.
> 
> As Asa mentioned earlier[1], there's no corresponding traffic on
> social media.  This is something people (like me) would get yelly
> about on Twitter and such.

I wonder if grarpamp has seen a bunch of new hidden services.

>> Also, if this were a botnet, I would expect it to show up in
>> honeypots. Wouldn't its bots be easily detected, through searching
>> for Tor connections? Having the vector might be very informative.
> 
> Tor connections are easy to find without searching, no?

I'm not sure. They might be more-or-less obfuscated.

> If the botnet's purpose is to damage Tor, it may be less likely to be
> caught with honey, so to speak.  If this is a feature rollout using
> Tor for C&C to an existing or rapidly-growing botnet, I'd expect to
> hear about it soon from security researchers.

That depends. If it's drawing on random clueless Windows users, as most
botnets do, I don't see why it wouldn't show up in honeypots. If it's
not showing up, it might be a feature rollout. Or it might not really be
a physical botnet, but rather something very cleaver that looks like one.

> I have a bad feeling that this is aimed at Tor itself, given other
> recent developments e.g. in the NSA scandal, plus less recent
> developments in nationalist "cyberwarfare."  Just a hunch, though.

I'm reminded of the point where the Aleph goes online in _Mona Lisa
Overdrive_ ;)

> [1]
> https://lists.torproject.org/pipermail/tor-talk/2013-September/029841.html
> 
> Best,
> -Gordon M.
> 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Exit node stats collection?
  - From: BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85
- Re: [tor-talk] Exit node stats collection?
  - From: grarpamp

References:
- [tor-talk] Exit node stats collection?
  - From: Roman Mamedov
- Re: [tor-talk] Exit node stats collection?
  - From: mirimir
- Re: [tor-talk] Exit node stats collection?
  - From: Elrippo
- Re: [tor-talk] Exit node stats collection?
  - From: Moritz Bartl
- Re: [tor-talk] Exit node stats collection?
  - From: mirimir
- Re: [tor-talk] Exit node stats collection?
  - From: Moritz Bartl
- Re: [tor-talk] Exit node stats collection?
  - From: mirimir
- Re: [tor-talk] Exit node stats collection?
  - From: The Doctor
- Re: [tor-talk] Exit node stats collection?
  - From: Moritz Bartl
- Re: [tor-talk] Exit node stats collection?
  - From: mirimir
- Re: [tor-talk] Exit node stats collection?
  - From: Gordon Morehouse

Prev by Author: Re: [tor-talk] Exit node stats collection?
Next by Author: Re: [tor-talk] Many more Tor users in the past week?
Previous by thread: Re: [tor-talk] Exit node stats collection?
Next by thread: Re: [tor-talk] Exit node stats collection?
Index(es):
- Author
- Thread