[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] malicious exit relays by andrejgvozdev55@xxxxxxxxx

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] malicious exit relays by andrejgvozdev55@xxxxxxxxx
From: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date: Thu, 6 May 2021 13:27:14 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 May 2021 09:27:40 -0400
In-reply-to: <56c87a63-1c28-024e-c300-17a282de9ea7@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20201031030534.GH2718@moria.seul.org> <9901dbcb-4469-9e50-594a-f3a6910dcf3c@riseup.net> <d6aadf79-d431-1233-e41c-2a4e3eecd8ee@torproject.org> <2f40b752-b652-100f-20e5-e6c79567ffef@riseup.net> <56c87a63-1c28-024e-c300-17a282de9ea7@torproject.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Georg Koppen:
> nusenu:
>>> FWIW: we kicked a bunch of relays out of the network today which might
>>> or might not contain any of those, hard to tell.
>>
>> Please publish the relay fingerprints that directory authorities remove, otherwise
>> only the malicious entities get to learn and improve since they see the
>> removal in their logfiles anyway but we tor users don't get to learn anything
>> because it remains largely invisible to us.
> 
> That's a bit tricky because potential *other* attackers might be able to
> learn things from our rejects if we are not careful. On the other hand,
> transparency is very valuable, in particular in the bad-relays area
> which is one of the least transparent areas in Tor (for good reasons,
> though, see Roger's mail[1] from a couple of years back explaining the
> dilemma we are in).
> 
> That said I think we could try publishing, with some delay, the
> fingerprints we reject after seeing them involved in attacks. For
> instance, we could have a monthly list of those fingerprints which we
> publish, as a general rule of thumb[2], at the beginning of the
> following month.
> 
> I think I'll find a place in our network-health wiki for that.

Here we go. I added the list of fingerprints for April 2021. I plan to
keep adding fingerprints monthly on the same wiki page[3], as we find
them in attacks.

Georg

> [1] https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
> [2] There might be exceptions to that rule, though, for instance if an
> attack starts at the end of the month and is still on-going during the
> begin of the new one, or if we think the rejection is too close to the
> end of that month and thus the delay I talked about above is too short.
> In both and other cases those fingerprints will then get picked up at
> the begin of the month following after that.

[3]
https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-fingerprints-found-in-attacks

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Help with running a Tor Bridge
Next by Author: [tor-relays] New Test for Measuring the Accuracy of Tor Relays' Advertised Bandwidths
Previous by thread: Re: [tor-relays] relay monitoring
Next by thread: Re: [tor-relays] how does one file a problem report?
Index(es):
- Author
- Thread