[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] traffic pattern indicates MITM?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] traffic pattern indicates MITM?
From: ea <ea@xxxxxxxxxx>
Date: Mon, 19 Nov 2012 10:29:18 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 19 Nov 2012 10:38:35 -0500
In-reply-to: <20121119150935.2137b610@numenor>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAEYCsr59EA8YY9CzWzPeh0_i_4Jb9t8V4b3EhzEX4SOGcsEm+Q@xxxxxxxxxxxxxx> <20121119150935.2137b610@numenor>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:16.0) Gecko/20121026 Thunderbird/16.0.2

For four days the BW graph and usage table of my bridge indicated
noticeable traffic and then the graph dropped precipitously  to near
zero & the table shows no recent usage. Vidalia/tor are working fine. I
did try rebooting my router-modem gateway last night, but as far as I
could monitor it, the traffic has still been near zero (maybe a few KB
every hour or so). If I'm reading it correctly, onionoo is showing that
the bridge is still published.

I'm not complaining about this pattern, but wondering if the abrupt
drop-off in traffic for a still-published bridge is diagnostic of MITM
activity. Maybe there's a way to further monitor my bridge from within
the network? If MITM is suspected, should I shut down the bridge for a
day or so?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] traffic pattern indicates MITM?
  - From: Aaron

Prev by Author: Re: [tor-relays] Deploy relays using hidden exit IP's?
Next by Author: [tor-relays] setting up a Tor exit node
Previous by thread: [tor-relays] Tor marked as "enforced" process in Apparmor, but also "unconfined"
Next by thread: Re: [tor-relays] traffic pattern indicates MITM?
Index(es):
- Author
- Thread