[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
From: Felix <zwiebel@xxxxxxxxxxxxxxxx>
Date: Wed, 20 Dec 2017 20:48:43 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Dec 2017 14:47:39 -0500
In-reply-to: <362153A7-E3AA-43DD-B4DE-74A3D14633F0@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6.2.5.6.2.20171217094307.046a6cf0@example.org> <em52a06307-13e8-4df7-9678-e49ccf1e586e@mats-win7> <07E9864C-9141-4FC3-B3BE-687006C55BEE@gmail.com> <eb5eb109-c2f4-b0d9-f71d-d6c884330958@gmx.de> <362153A7-E3AA-43DD-B4DE-74A3D14633F0@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

Hi everybody

> * if all 65535 connections on an IP were open to the Tor network, and
> * the biggest Tor Guard has 0.91% Guard probability[0], then
> * it would expect to see 597 connections.

Sorry if this is a silly question, but do we know if these are Tor
clients connecting our guards? We see many connects but not much circuits.

Could someone get state by:
openssl s_client -connect tor-guard-ip:tor-guard-orport -tls1
and establish awfull many tls connects without any circuit ?

In this case there are like 64k outbound ports available and the
necessary memory/cpu for openssl is much lower than for a regular Tor
client.

-- 
Cheers, Felix
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
  - From: teor

References:
- [tor-relays] botnet? abusing/attacking guard nodes
  - From: starlight . 2017q4
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: Logforme
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: teor
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: Toralf Förster
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: teor

Prev by Author: [tor-relays] 34c3
Next by Author: Re: [tor-relays] DoS attacks on multiple relays
Previous by thread: Re: [tor-relays] botnet? abusing/attacking guard nodes
Next by thread: Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
Index(es):
- Author
- Thread