[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Google Compute Engine rejected as relay?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Google Compute Engine rejected as relay?
From: Philipp Winter <phw@xxxxxxxxx>
Date: Fri, 21 Aug 2015 13:40:39 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Aug 2015 13:40:57 -0400
In-reply-to: <CAM8WWJD-v_Ar-YigNcvc1on=EjTYJ8yWEK9FJB520k6coveMeA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
References: <CAM8WWJD-v_Ar-YigNcvc1on=EjTYJ8yWEK9FJB520k6coveMeA@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, Aug 19, 2015 at 10:00:54PM -0700, Greg wrote:
> I tried to spin up a relay on GCE a few days ago, and I found that it was
> outright rejected with a message like "Authdir is rejecting routers in this
> range". I don't have the IP handy now, but I could easily get another
> ephemeral IP.
> I thought I came across a thread saying that there was an attack on the tor
> network originating from GCE, and that's why it got blacklisted. I'm not
> finding that thread now. But is GCE going to be removed from the blacklist?
> I realize it's not a very economical place to run a relay.

I wonder if we wouldn't be better off with GCE remaining blocked.  Cloud
platforms seem quite popular among attackers -- presumably because they
can quickly give you a large number of disposable machines.  Naturally,
there will also be benign relays running on cloud platforms.  We might
have to do some number crunching to ponder if the benefit of having
these benign relays outweighs the potential harm of attackers being able
to use GCE et al.

Second, and perhaps less obvious, Google is already in a privileged
position as many exit relays use Google's public DNS server as resolver.
If GCE machines end up being guard relays, Google might be able to
correlate some DNS requests of the Tor clients that end up selecting GCE
guards.

Cheers,
Philipp
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Google Compute Engine rejected as relay?
  - From: grarpamp

References:
- [tor-relays] Google Compute Engine rejected as relay?
  - From: Greg

Prev by Author: Re: [tor-relays] BoingBoing: What happened when we got subpoenaed over our Tor exit node
Next by Author: Re: [tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
Previous by thread: Re: [tor-relays] Google Compute Engine rejected as relay?
Next by thread: Re: [tor-relays] Google Compute Engine rejected as relay?
Index(es):
- Author
- Thread