
Re: [tor-talk] Someone is crawling TorHS Directories: Honeypot



On 9/12/14, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
> ...
> about a month ago i wanted to verify if someone is actively crawling
> TorHS that are inside the memory of Tor HS directories.
>
> So, i've set up a small Tor Hidden Service Honeypot at home with unknown,
> unpublished, non-publicly-linked TorHS,

fun; this appears to be an intermittent pastime of some for near a decade now...

i would call these honeytokens, however, as it is the name you are
concerned about, not the services running at that onion. e.g. "...
configured honeytoken hidden service addresses known only to myself
and the chosen HSDir for that address." </pedant>


> ...
> It would be nice to extend this concept to proactively detect and
> identify who's running such malicious Tor Relays by logging/mapping
> every HSDir that is selected/rotated for such Tor Hidden Services.

you shouldn't assume HSDir is private in any case; and if enumeration
is truly a concern, fast flux onions is a thing.  these are location
hidden, not existence hidden :)

best regards,