[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
From: teor <teor2345@xxxxxxxxx>
Date: Thu, 21 Dec 2017 07:48:21 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Dec 2017 15:48:40 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=mbT+LRRlcS5Qo0FjYiWIAqx844CC9DlJmqiUyXoa6t0=; b=C0VEGNAqlAzb057A27jVutG410u51WQt9UTc5kVtawIA6bJLtWc/3M/Z3QDq8bpRF9 /KcjijHdfEg4LyHp75XeB2QhVImQNqh+JbrHi8BhEu0vGACKypHbDNcou/DRYWD1Fhwe xqaNrgt9embuOrHOfP/yFREKoxd5XLBBbrjk3qcN06AllujrkuVyFaJ6un5LgItzB4SH xF1LBHDeSqjiFsyLswGl1Fo3BH6RJBAffMYoDCwBY8dQXjxyT3y3QwNj/wTzQLzIBEjf XEje6Ag6qy+ppfUwFk341p8IAa9G3oZqgNDikWqsw4DCUGiFG63QFnGmu29AIkgjDPbB UTTw==
In-reply-to: <5A3ABE9B.1080701@quantentunnel.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6.2.5.6.2.20171217094307.046a6cf0@example.org> <em52a06307-13e8-4df7-9678-e49ccf1e586e@mats-win7> <07E9864C-9141-4FC3-B3BE-687006C55BEE@gmail.com> <eb5eb109-c2f4-b0d9-f71d-d6c884330958@gmx.de> <362153A7-E3AA-43DD-B4DE-74A3D14633F0@gmail.com> <5A3ABE9B.1080701@quantentunnel.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 21 Dec 2017, at 06:48, Felix <zwiebel@xxxxxxxxxxxxxxxx> wrote:

Hi everybody

* if all 65535 connections on an IP were open to the Tor network, and
* the biggest Tor Guard has 0.91% Guard probability[0], then
* it would expect to see 597 connections.

Sorry if this is a silly question, but do we know if these are Tor
clients connecting our guards? We see many connects but not much circuits.

Some of us have analysed the details of this attack on our relays.

The clients perform SSL, the Tor link protocol, and parts of the circuit protocol.

Are they real Tor clients? Possibly not.

We're working on a fix, please see this email for details:

https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] botnet? abusing/attacking guard nodes
  - From: starlight . 2017q4
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: Logforme
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: teor
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: Toralf Förster
- Re: [tor-relays] botnet? abusing/attacking guard nodes
  - From: teor
- Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
  - From: Felix

Prev by Author: Re: [tor-relays] Relay Search bandwidth graph update issue
Next by Author: Re: [tor-relays] restarting tor service after AccountingMax has been reached
Previous by thread: Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
Next by thread: Re: [tor-relays] botnet? abusing/attacking guard nodes
Index(es):
- Author
- Thread