[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13287 [Tor]: Investigate mysterious 24-hour lump in hsdir desc fetches

Subject: Re: [tor-bugs] #13287 [Tor]: Investigate mysterious 24-hour lump in hsdir desc fetches
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2014 17:37:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 29 Sep 2014 13:37:08 -0400
In-reply-to: <044.f8f89e8c7d57ae77f3e2ac2b20256ab8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.f8f89e8c7d57ae77f3e2ac2b20256ab8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13287: Investigate mysterious 24-hour lump in hsdir desc fetches
------------------------+------------------------------
     Reporter:  arma    |      Owner:
         Type:  task    |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  SponsorR, tor-hs
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------

Comment (by arma):

 Replying to [ticket:13287 arma]:
 > special asked me about TAP vs NTor handshakes in that period. I have
 them only in six hour chunks, but here they are:
 > {{{
 > Sep 27 17:15:38.409 [notice] Circuit handshake stats since last time:
 8147/8147 TAP, 1679/1679 NTor.
 > Sep 27 23:15:38.468 [notice] Circuit handshake stats since last time:
 83002/83004 TAP, 3420/3420 NTor.
 > Sep 28 05:15:38.710 [notice] Circuit handshake stats since last time:
 208974/208980 TAP, 3859/3859 NTor.
 > Sep 28 11:15:38.662 [notice] Circuit handshake stats since last time:
 273477/273487 TAP, 2835/2835 NTor.
 > Sep 28 17:15:38.897 [notice] Circuit handshake stats since last time:
 241216/241222 TAP, 2817/2817 NTor.
 > Sep 28 23:15:38.673 [notice] Circuit handshake stats since last time:
 126686/126717 TAP, 2637/2637 NTor.
 > }}}
 >
 > If my next entry is indeed much lower on TAP, that would argue that
 these hsdesc fetches were made by TAP-using clients, which is another vote
 for the botnet C&C theory.

 {{{
 Sep 29 05:15:38.627 [notice] Circuit handshake stats since last time:
 1113/1113 TAP, 2629/2629 NTor.
 Sep 29 11:15:38.713 [notice] Circuit handshake stats since last time:
 1271/1271 TAP, 2775/2775 NTor.
 }}}

 Looks like it matches the theory.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13287#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13287 [Tor]: Investigate mysterious 24-hour lump in hsdir desc fetches
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13286 [Tor]: Drop --disable-curve25519 ?
Next by Author: Re: [tor-bugs] #12971 [Tor]: Invalid SOCKS5 response to UDP associate request
Previous by thread: Re: [tor-bugs] #13287 [Tor]: Investigate mysterious 24-hour lump in hsdir desc fetches
Next by thread: [tor-bugs] #13288 [Tor]: bittorrent-like reciprocal routing
Index(es):
- Author
- Thread