[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Anyone else getting these? - Fwd: Tor Survey
I just got this sent to me, not sure if it is legit or not. I'm going to
assume the worst for now, thought I'd send it out here for discussion and
as a heads up for anyone who hasn't yet gotten one of these. I'm hesitant
to run anything from someone wanting to do a "study" on Tor Relays. Message
forwarded below.
-------- Original Message --------
Subject: Tor Survey
Date: Wed, 11 Jan 2012 11:47:35 +0100 (CET)
From: Marco Valerio Barbera <barbera@xxxxxxxxxxxxxxx>
To: tor@xxxxxxxxxxx
Dear Tor Relay Administrator,
my name is Marco Valerio Barbera, I am a PhD student in Computer Science
at La Sapienza University of Rome and I am currently doing a research study
on the security of the Tor Network in collaboration with Angelos Keromytis,
head of the Network Security Lab at Columbia University.
You are receiving this message because your e-mail address is associated
to the Tor Relay(s) with nickname(s) and address(es):
brwyatt1 96.226.232.75
It has recently been discovered a new DoS attack that could allow an
adversary to stop one or more Tor Relays from participating and providing
service to the Tor Network. This kind of attack poses a potential threat to
the hundreds of thousands of users around the globe that use Tor every day.
For instance, an adversary may be able to shut down a substantial part of
the Tor Network, forcing users to surf the web in a traceable way. In an
even worse scenario, an adversary may attract a big part of the data
flowing through the Tor Network to one or more malicious Tor Relays that
could, thus, cooperate in deanonymizing Tor traffic without being noticed
by the users.
The aim of our study is that of evaluating the amount of resources an
adversary would need to perform such an attack and what would be the actual
damage that the Tor Network would suffer. At the same time, we are working
on a patch to be applied to the Tor software that could mitigate this
issue.
The reason you are receiving this message is that, to improve our study,
we require some extra information about the Relay(s) you are running that,
unfortunately, is not publicly available. We would therefore like to ask a
very little, but precious, help from your side in collecting this
information and sharing it with us. Note that the information we need is
*not* related in any way with the traffic that you are relaying in this
moment or have relayed in the past, thus it cannot be directly used to
affect the privacy of the Tor users. What we are interested in is related
to the hardware characteristics (e.g., number of physical CPUs, amount of
memory) and with some of the configuration parameters of your Tor Relay
(e.g., number of processors the Tor Relay can use, bandwidth limit).
In the case you agree to help us, collecting this information won't steal
much of your precious time. In order to make it easier for you to get it,
you will find on the website linked at the end of this message a small
shell script that you can run on the Tor Relay(s) themselves or, if
possible, on another machine with the *same* hardware specs. The script
doesn't need any special (i.e., root) permission to run, it won't download
anything from the network, nor it will install any software on your
machine. We also commented it so as to make it easier for you to understand
it in case you wanted to check what is the exact sequence of operations it
will perform and information it will collect. Any data saved by the shell
script will be available in a human readable text format stored in an
output directory you will specify. We encourage you to use the public key
you will find on the bottom of this message to encrypt the data collected
by the script before sending it to us. You ca
n get the same public key on the website linked at the end of this
message. We would like to assure you that we will take extraordinary care
in protecting in the best way we can the privacy of any information you
will decide to share with us. We want also to assure you that, in the event
it will be published, any data you will provide us will be carefully
anonymized and given only in terms of aggregated statistics.
Together with the script, you will find a README file containing detailed
instructions on how to use it and how to encrypt the results before sending
them to us.
We thank you for your kind attention.
Best regards,
Marco Valerio Barbera
You can find the script and the public key in any of these locations:
https://sites.google.com/site/marcobarbera/tor-survey
http://www.dsi.uniroma1.it/~barbera/tor-survey.html
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)
mQENBE8Fo8gBCADEwO0RNlXfTovI+LLGH8qGyRcDHycFc12URCZdol46sTPnNcrE
2w+KuIK841+QJt40tYBtE9/BT8CerQEGrEteiTIAClpltJcE+6Z04+bbS6EmDzb7
WzpxF0Tv9UrGhGCBncGvFnFbxaJQBu+5KrhJJTrW++778WTqMHoXvEw2LA9QHQB5
qaAgZbvi+2JHrXEB0Cp/OTtGXLz8uej/liifYNh8bYCYIpU8fe+7Q+1ktyPk75g3
1/bTgfywujIVxXoZyo2usSdEZ7KmrISA4E8TlCQwidK8dFEPNwREfcyVNfgrxXyS
TpMj/41KWOfymBuR+x0gfpP7eUlzUoObFkaPABEBAAG0L01hcmNvIFZhbGVyaW8g
QmFyYmVyYSA8YmFyYmVyYUBkc2kudW5pcm9tYTEuaXQ+iQE4BBMBAgAiBQJPBaPI
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAUhbbzQCoISDOaCACCtPjq
o041Z6urq8SVrlK/I659C1fbRUPVi+DJSEP3yZWIDxgwxDGopgabB/NFMwULiKOv
9WNHWydxrxsFYA/+lwbr9YxbV8ShME/pzhR6K+kbT7AGSmBOefgVfCJywh7JcGb4
kp59KKmX7EnHYEkir3HK3wX34ScPbttge1bTQfQF4bKvGcUbqStIn/rL5mGNfbeR
IFUidMF6aa1CcPIvkqD2Gs7rv9hAXFVG7/3TjrrzIAsFdXhU6UIM45jwdUnsbLiD
Jz96Qz4HLa9wNU7nuSDAqzz+t15O/Fffg55pcUB1MpFIAhVqLffGfAoGrihAylPU
aZIqc9ZJk2nr96KLuQENBE8Fo8gBCADs+hN+b/fir4mlxr9EqycYYvieuwiGWttt
ocpWuhk/MxCzCRUA2/0GWdqtgFnmygWAh6HBv0XOZS04n83XGkKMEtoSfR4KXc8m
xhtYkeSxH0FUuLE6/R9kHYcE7Eg4Jt0RO+aiCSoY4VDK7n4SpqWKoSVNYXKoYr2L
zoXQ/PGJ/7RH9RAzKZDdQ5sgKLbpXiwib8mkWYbtPhNIbW4mF5QNSG+705L0yGh4
2keiPQFRAvc8hnkcKx6OVpmxdYEVTJT1t+ViYptDhtYc8axAB2z2ZBVyeeam3AZ0
3aJcG7PbQB/dmDPAKwULEsPoNWXEDKwZP6LbGo0tTAcklAB+RBOvABEBAAGJAR8E
GAECAAkFAk8Fo8gCGwwACgkQFIW280AqCEg6UQgAwqd2TMzE01KWiafP7uIyk92l
hgVEahFPulJyeWCpbqzA+4fYtC1rT+kuoDbyHbzbkQZJEHIjGcDlPHpb1zbB7iQy
6HyKhxRQXVcGCgWbsycYbLM+lwXbOn6LFqq6I+wBaMvOpPFNipxenJfjIlXdZyjA
DSxI7SNvm+AMSfmVC0SJuTmxZGLdu8NxUohsqf6tpfspM341yQQZ2kUPGcwx/Y4d
wvei2cbtTf2jSpU+y6Bara9c7JPjPq8pNsakrFneF/4l2T3cLVI5B95SXY5XTaTI
G1VNfyebQCPUS0kKvpbHGxFl+B2STFjMMRbCpiqH3jFhBOcIrBulXhqTz5oLcg==
=OsQy
-----END PGP PUBLIC KEY BLOCK-----
---
NOTICE
This is an autonomous study, not supported neither directly nor indirectly
by the Tor Project Inc. The Tor Project Inc. is not responsible for any
content of this message.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays