[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Someone is crawling TorHS Directories: Honeypot
On 9/12/14, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
> ...
> about a month ago i wanted to verify if someone is actively crawling
> TorHS that are inside the memory of Tor HS directories.
>
> So, i've setup a small Tor Hidden Service Honeypot at home with unknown,
> unpublished, non-publicly-linked TorHS,
fun; this appears to be an intermittent pastime of some for near a decade now...
i would call these honeytokens, however, as it is the name you are
concerned about, not the services running at that onion. e.g. "...
configured honeytoken hidden service addresses known only to myself
and the chosen HSDir for that address." </pedant>
> ...
> It would be nice to extend this concept to proactively detect and
> identify who's running such malicious Tor Relays by logging/mapping
> every HSDir that is selected/rotated for such Tor Hidden Services.
you shouldn't assume HSDir is private in any case; and if enumeration
is truly a concern, fast flux onions is a thing. these are location
hidden, not existence hidden :)
best regards,
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk