[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- From: Mike Perry <mikeperry@xxxxxxxxxxxxxx>
- Date: Sat, 3 Oct 2020 14:20:05 -0500
- Autocrypt: addr=mikeperry@xxxxxxxxxxxxxx; keydata= mQQNBFIvu6sBIADC1JsxXSWd1k+cHamS0L5/dfcGQ3AaVbTAM+82JEO5drL3E5xD9nO2KujN IRqYClCt395S9zIZuMPTo+r5UtKQhP3g+ZxxTuZeYu0pH/7iewyE477oQzkPp04rwmMpmPxv gov9jVmtshoVu1ae+IgIr0AvcIApIcUy7q4+yT9TJwVrvF/YxJ+rUIVIZc2MkisxmSaE4q45 w0kUYxnCW0FUiO7T6G1cfRhTnLv0NipfOnpKnqm1PEwZKru7JiopuSPK1gRpdsOzGSVk8OFm uojFkl4rymA1T+HOEEA7xyD8ZDpuedGtu0JM3GFS29/4f6qoEBTQNV2OaSKB89a4KI+BFwVe 9XuLEqaeYUd2RPnQhanTWPO0s3+K5ccn2TnV8HBEGKJgU7EKuWy++k2Svspt2oAqPip6GKrh P66i40p1mcKjcVywVB7NmyR1pse/yKInzmuuuD6csFbOnPCUYVwPyyjEC5IpqZe5hPszPL1X XUwipxk/pDyDI5KzKYJxR+wuPTY9YV3tHWE9FyZDHFYOHgpQVDxlyiBxDVUHeI6hu39WzUN3 yYAssaRz9GaqQEjp0iN++X2BMmmgjkBrHSHpN7mbjtf84hMilQ7McWOeQKudedE1/z65TheU tiYS60Ybq4FIv9FOrHJt/pzHPzuv7jcdOlsLl6SbWkwwS1y+GmMRpND58ZeJMTStHcZhWxxu 9DC4fNsTEPHO44yxaIdJYkasawcf87gPSYrqeUJP/1xJDwdzzPY6wbfXQJg7w5j8qlQ7lomR uU384szOvjaN9QIboR6zvxPVZcGcUX40BVQOlglHqBIchVQQ2vROs2wkvV9qSfnauBKf8dM/ LKUgQvoNCSHqkmS+siOij19moclsvH7xRgfft3WhMapygCBNFNLRqw5iXJwlWQZ4mvwbro3K WelWzm5FqQdCfP2fMA5n53bCcOS308KllDAFK/Ljnm938PEyh4rNA9eyEazCA9WCuE+zEeIM gQPr1K/lFgGldftL7oWAtfCae+jYWyXS+1zAxEQ3QGqHLmUDYumzc30paHaGeapldkcySOc9 SLWDdpvH0V91vU17WeytQD9pGBUNURc+/v1ZNG7fRm+Ulp6K0i/eh/3rKWybx8aanu3YvcNP Uyom/CA5gBmzIATlhD8vpc95YQpV+Jv4TN4crD0EIUZDzzv1Eg5Pix8qk4R4jZ81oVvvqlOA FYq96SyPWGUL5mAMrGD+RSmzLpTNH8LUEIQ7RosFQjcHNFzF6sPuG7HR03R/aNdexFqfjsK/ qntSk+vL0jtu++lp18U6UFxbHQVr32vxFybNJwAZCmK8K+Ur2kezKkWqcQrV9jXNA4IAz+H+ KPRi2+T3Jss5ABEBAAG0N01pa2UgUGVycnkgKFJlZ3VsYXIgdXNlIGtleSkgPG1pa2VwZXJy eUB0b3Jwcm9qZWN0Lm9yZz6JBDgEEwECACIFAlIvu6sCGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAAoJECmEazxoNobMCM8f/iLOQEZk362/aUixdi/BBli1dTNjzQBU61lt4xo2U9UO CiR5o3tcON4eLboUNt/H9VNFGgc3udwtG8fI3LcI+OhCPobVVbsZQO44cN8+FOx0w1iD4DOv Vhrlpar+kIO5KOpf+zo6nkfd6WxaZQXziqTVWEeQbfvmBnlLx+ea3C9xPWOVVbesYFVnRSLD WLgIo3HGhXjQBJ4dGvJULbBdQueEfZpSG7pscFITd3QX9Wk3N27CoYt66eM2YCl5vN094p7f Sn+2w0SZXYte/rqcklvSE7uH7h0K2eqdg+uwYkkq7bLXEamgbcrVZwsFNLH6zgVZtzkJJikm qSPwHq88cgclXWne+MdAjEATa5YKPfjnX83dgJZo1N2fgtqRf6ieLnhWGPdaHPENDnU2ADhG QKADXqM4h1HiY3giS66eVzYFUN0yOrL7rp8d0ePzxZLUIxJN/fdIGEIEjuWciW4i8VLlIQDU GEDs6ULYhSmc86bd3eVSpEEi562f6knj/TZelcxu3C+CHTee/961iaefd5c+Mp5bIt+VAC5Y HyZ29MUX8GXfiQdbtuJGOrrBT/V99SvyG2Rq8I+6v0oE7MeU7QBU3LzWsZfZvQ3APOFth0d4 fLqU9H/TQAt+8lK2xcHynz7I6JW8xi6iLvA+sftb7vdO0WGOaFbHfPeL7ErlVMMF8W5ed5gT BimRm0PxV19Rq56y6v8B6DoGg9u34JetQ2odUiAy2/ttqfGohYdGSzBuP5VamF25tBeTYChL gW6L6utARQtmf8Q2ONdyPzNStrv6rVj2bMwtuPurBIx727LPgaUO6ZUMo7lC59bvR2pn4vEv x2aXdqjL3dfNs5UJ1UEvx0PNELFHZ5bStpMt3fGgh8ZDgcUrzsY9ine60qR/ujCLLMrD8RmZ ezT4/v0CkF0RJ1hEW4jjCaOT/an4dVxnqIPoNc9g/msTmYHEQusGrrVx7cmjy5ph/HJe83tq hv3TUj2UYwIllKpgTP0azu9xIvVH3qAWgnHdonSJCQi5GjPN3h0Xfk/9+nywP4R1YIuMehmZ o0RQk96aPhds2C14bBykh4gtbuVewuj6GlciAtO7VZr/ZKeAaO5gph7XVC+4jxhdsTOSYDi+ uMuZ48NmkZQRTIA82O3GagTa3WYuu4JPPmSn4C6zAZMLnpXL6gLGDIQ/HlJht/X/+ZduFB3U mfnQEeqo0Y2kxgqvpX9p4oMHKw5nkOb+T1r/f5ulGX0u2z2pPobQLas6F13wRKvg78cjbVES 7BrREwl+egljA2xEh0NYjR8y8U4bpZrseisbsju3FiaVXW/YxEVaXFdIqA9chkYBn4hNmyup hfdiSwmfhxuCFeOstFwTB0Kp2AG5Ag0EXEe6fgEQAKrVAiP+shXz6sco7hR7Vc8JmqzrovjO u9A2/q1Yr7VJy8l1gNuJJ+EcpA6cKzxMnKxjFvpX3x0bov12YSm1ZpZxLTUS1YaeZLLesFFV Aj7ziXdzcQI6GyaNScDv73QyXa196CptQp+6WKK1aZVW4lU9mhhDcdduCG2hE2bmzDWdW25t 30WoCG5iO4w/Hxrw/T3ZQxgVBN1TDoHCzHUTJUh03kLg8KJn7IZjpS/KZlesZLUkh1RI8AHU DP40gKGk2X13H9agzJxtUTG7dU5TsmPaU7PJnSG37cjYjAyRHOrclz+pWmdofUA7lPqgRBYL NCk/K7dOcinzUC0AHLp9fsMvL2MhQ/rb/9XTK4I/H92z6C/6rzw5Sg7klsdgUhOJZENwV10I XKyQivU4KbgGfJBVQtjBRrzkgNqdNSLjmNcWrBSOQF83Q5fJsljyv/iEYrO5EvLi6+vdZ19a uToh2ZPRnKpvqbLnty+a1MdRdGTcZCfg2yddXz+h4vUTXQ06Ao/g4CU8akTPgjuS4rhgJaVT +6LDWxZT7uWhzgkEq4S7PCJEOlqYAPA0MMAdmZpCs9kTMSsLZDKa+3k3akHAtS1hcwSVsBjH Rox9WEEQZUm2Zx2hoJvwOHwZDGAI8UzfjTU9FoZ2plN9Gv0RiGvgsOB6PFb3ntLdeasLof4C zGK7ABEBAAGJBnIEGAEIACYWIQTJY8IdY1ZOKxC7M1sphGs8aDaGzAUCXEe6fgIbAgUJA5mI gAJACRAphGs8aDaGzMF0IAQZAQgAHRYhBPQqJYRmijjH77zXwmYN3mRe7/FWBQJcR7p+AAoJ EGYN3mRe7/FWCEUP/jHi0SxdB2uRkXBqzYOBKo/EGF/PEX688jKRJ2H8aVopbzlSmKC55zR0 oQit6x6VdBnUYCFwoK+zjTrNwwfMrW2DjgzYUZS0D6RZuarKY908N+06dTrGpasMAfiJzQzs 7ZfhKzPdspNaR2qtz7yVrmPd5vFeVCF2/8lL0Ivi/m1JJULuIErCY7X8gV1GzMZMQv0OG9oS suk4/oR3sL/+e/nqpH4hHkuYtLLIcmLL5OqPUu2+pRIxYN/6KOMsM8uB0xgiMRPti+U3Jaoy TJXrSz+m32kbhYJ1MCD6nKrkAKfsVSnFAcFPHoa5v9e/I+lCHCjvrWa/Y3ay4UZaJfwOGvMI 90dX/yvECxO2pi9U2zICErTNxxTTHbkxu8sR7lR+NPPFsr+WO4snJ4/QVXgIMMROat72hkNM sRmkG41aqdTmTlA68YlAa2LaVxrcDXzpj8ySWKz6ZlGWHnMR1Ul6S0quoMKh2jCBGCrap7KK TuhjP+YXlj8IpQ0NZzw9gDzCzgqTdgImAFpQuCQYigY5tAT3eWSnD39aKMEEqQd/tdJI2pWw LYI6qKK8B8kpyjRfQWm2Q8GrBfskwlSUmG3mZThD6ad2rCIO8HGNPgP983MZPhdOf/9Kah2u ItURUwnp/4PZ64hAUiNR8NEqYo21GUwzfQQuE3WJNY7O7hN7DH4E0dIgAKTFNZxw1kMByMUH 6hASEFEY8TiZkIrcM1hF5yY50g0gspaORca/kXx8EisRAIyAjwI8UP+bxJxZbqyupjNxwkG0 +2vOV3RDdpx74J2zZHSkl4my2D8mIDPVZM7tb+L5vUaQ9H7RIMjNRQY130wyMqNmkZDVOX9q YEBQagXkcFLm7ieQk7GRurE5KIaq9STLOr9nJWBOxgGhV95O1TNqkvcmNaLTzSXMeQiGwnvX Bw33jO+sNHHSjmNZVcglGirDvoxXL3EcIAakJUaGn0vz15Xg1fLA0B6d7IgQoPDvE1Pr6mFh f/J/KZuvq6aaeMZ1xuB+cEem8XNSt1kfmakaLIvTXDJ3z+2KDrjj2koAyStRb4vdfoVelEu9 5VLWGLJKevIMWbmXD4GhGk80zzZe8ouu67URzU6vg3/ck7MN7OGfWruV1c/U8EoDxYxsRJX1 HmMqQg08Nz9zbCFvj7iTFDFCJgJKMbVkjm/Eto1IORWAoTfsXZtOyynk1JhGcm0OtnWf4VhX SscB3PiqUEHSsbvlqxZBPa6AqKLwLLSApg9xxBOn5TMPVIqrnXAdulTf1zhZnSrMHCioJvgH lnQyemVMyjIKkODDXTIwD8SmzfurDmYuRT1XRelEEUWY79L8+5u4R0dCMB7yEU+s10aU8xb9 0IM0qxEczW0uvE1Lhx0POOAsQ3YsCkbSgLIIhqnsLYCeuFN/r3yGiP/m/s0sTJ54P1nmi62k Y2665hexM1xm4ngjo0KxpxJ6fP4w1YmaJdUt3aR/oompTcn4TMzcvJH6jCWaXsl0n/8q3AZQ 5C6CD3i41gioLWk+gNNrtqOai1cCbq1Jz7V3SYCpjLMAXag/iVndNJ0HZrGNrBvGz6L2CQdc Ql+Mnx85MmzOyJTygw6J4IvXtQIEY5w7OhrKqx3iVR0dD3N7DMbAy3nq+kBLM+CYoEWBQ6Rb UNVZi0ROl4gn8S0Fj5WRGqmfVvlTzkm6OsnoZ/2Ckas2geBNOqFY3SXKFUfnDRUkI/X7yxrQ yakAIzZ3AW0Ul44FYIBrxSPrzsxz6n2uY2Y6aytcO0KmPMQtRhVGPl+L8jKoaLkzV1TLDHVf GimcRS3gTfI1tqn1T5+tjG4MQK8KW5Tx+v/TXIe7jy1G0SyxGx5IYWRt+AuxOy/atH4y/01h 7gQWTeIjMYMMgbdYjOweUYYqdCeK46dra3Wnyy6ToVnvhRty/ln8sYM9ig6CRcXqNNzGd/hf cccClLw4CBe7WX+dEn+V3ZPuu7P8Rp39AYJd8o1fVFG2OHBKTSuPOYNz7iKtH+Y+i/1A1Vml kmO8+qHTFGH4LY8Jzp4qJnxKVTBhb34R2OEoJecp5GfHIT3Dtcu/dBW5Ag0EXEe7EwEQAMod q+H9wWcEjKkwd8KhyWoxJYwLOR0SKWLemSOtRhsEuQwi3pv9UoJBwGBKpdV9UYUvAyFf0vg4 tBI52LPsStrgmci57YuIf+SykL4BaW+mrvz8MSNsMNsuB85cCXPeHZuEZ/Zt59eLi96qXOiw RsuA5tCg/A4ldcuFQ5G0FXcV7AGALVjdsP7VkgUcgHKlqPrTP30N0QbYOWnkPUtmVZVJ5NPW DfOanVJBz8z9KOJ+vHkurG80XPJbL2fXSRrzG7VDJXX7s0dl/0aviC1WYRJpZ3FV9uK8TJiR Fl3cC2x69g9OsUcHE9AQhKhCtpNdTm9De+HUr4hM9O5PAhLA4XV/FPoOb9huMiSk0CLPXPnP vL4f7RoSZOhRVshO8jpZwUH2SaRntqVYffFbGLPyNpYdh1uFouvfEKZhMjeLq5BiATA2CARX UjVVhB24kQ0peWE/kP9JFcoA9YHn6HZUHYlhpHEWPb6dwCzs2VbQEdbMs2Wd3+VlAz3zt83C 3WDha1BrffCbquUHlh8l37gpCoFOMXLrL7+I87rbm8MJQ4KuVGN5J6sTYF25UqSVrU43HbsB p13xoYcYEhIskDVDYgipXEXwVq9AQUDhncZhl5KxQpD0Fw+MV6GASk/fVYq2BENGgXzpUN0e 5j7+EHhsI+Y+RdIU2hfvH65mm/HOQziZABEBAAGJBDwEGAEIACYWIQTJY8IdY1ZOKxC7M1sp hGs8aDaGzAUCXEe7EwIbDAUJA5mIgAAKCRAphGs8aDaGzNsrIACSf+4SpD6l2LmBUXgq60vV OWvFOgP/2SmY7p44CT5haZDZZw5w4JylXwnoKrIMe3Z7QtqBs7P7rFlFOqt1yyyb7sG6ryD1 agCoXyo5X3yqqE6mR7V7GFyxdZfCAMqMTX0oyjfxL6ByBA4FXCsl9SHEY4b8Po6jexmJCCQj Ehw3sTwNelt10cTS5iWK/ZCeQP6e31ZeR12eH1L0aTOL4FiUk3dWGs/veBT6VMICOZo1aBMz hW4+b/l9GxmDXhdaymfy3+VSqQDChf9mto2okvsz7pH7cdDS0fgJX7oBxRI/CKxl0vXFZt8K 4fM/W/dOHSzpG49SJjKKIm77DvwUk9xGKY6Uan3JmW7vp9DX4lmfQXOgRH+YLoONKeYH50Vn HGH3WW9/bxqIJQ5GiJ1G6vB7mYQRD2OAcUoh/b1WcXbY/LgKD8ul47PCrO+y+Nd/CmnYLNUW Ha44e4q9eega+KCpdq01TPbIQREBcZZBidXSe76l9kfJQoGf6Y07Xmj1f2UXQD+8m24lOrNv apKov3qzWkeaLUQ4ndeKQ3Zpfe+CcMsmqW7qjAKrke21lZSJd5rQrPv3WQNOlDsZuvnnF3qO dMKnOkoxyT2VWllv4SCu/1uSHB9ClS0Q65MccxhizRiSEdvikHwC1rEz63Djj8AYZ/iWP2/X KvLS9tm17aQ6mdyiYT7JyiTlOpXTOr/sZOoADwEWR6YJdcv5sPKQiq3i1h3t5rNiOzqxqlaq qZoeZKKUMzIFFKRMVuyyrRBLyyGfBZ72PmdYpv8eoxqpb4ZQM2ruJRm8BzKIJi0+IkKy92L2 bRecd19tekNpgcl3NtIBPDc11MgID1QUIR+yRZ3ZJjl6KyJ+Sc83DUylJ/MsahJpGxpaO69X jscxGf1dswUMgn7ATAM1y44hlNtE6hW4dao4pn7OuUWeS7wmW+60DTdCTKMKo6OO4oqK4png BAFLv6Vs/6Lz2HCt1HTpWo87Gxrmz/5d1pzB0WhdOWDTniwJ/svLYFRkQS896Ga2hYLmx7FH 077ncZyEm8714N8btKaRFKrUXiksh8Y85agV+jkBT00sh6D2TBxGGU6LuiWylsBG3Ny3gAa2 aVMO0ONDCz0xGaunzLUkgbBRJDidhSNkmyY1mfVVOI8fBc2Uv3HtFuEikik6W03eerA65jyb uzCjSUAfUbhD4W3AnbrvSKZMUX+kdgcLRuRp1PTlX6NTj2HiC6p4EDzTuoHPL14m/tC4fCHv SKrd7SJzuW1offy08qsKGy+Nho9OmvWS/NYIpLpz4jVzrjxWgCGI8gSnK54U48/F8HLc2U+v Iy12h6NEUVyIqGVd/UbkDn3Aqx67gHaqBoYM5OxeLCd5Pu5G
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sat, 03 Oct 2020 15:20:23 -0400
- In-reply-to: <07d5a9b7-cc3b-795d-a410-53165f63fb11@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <20200928210041.GB66837@mail.blenno.link> <v-Lefb6gnLFyOS0pg6J03DGKAmhUYKVDC8r2yRKWcnqew0XKGS7ievY0gBZ7YSFNyOOZ4BIoX3MSYP0ecbduZQ==@protonmail.internalid> <VB4WQre7UnJqicK95V3JyqrV5jB2caFDrq3WRTzre-mWTXijDrEVnjw1vb-fy6pS0QVW4h7qr-TXBi3Hwnakvg==@protonmail.conversationid> <07d5a9b7-cc3b-795d-a410-53165f63fb11@riseup.net>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
On 10/3/20 6:38 AM, nusenu wrote:
>> Me and several tor relay operator friends have questions about
>> Malicious Tor exit nodes. How do you define a node as malicious ?
>
> In the particular case (at least the initial detection): Traffic manipulation at the exit relays.
>
>> How bad is the situation now ?
>
> This group [1] is still rather active and at this point they run a 3 digit number
> of relays, but it is not the only malicious group that is active on the Tor network and
> might not even be the group I worry about the most.
>
> [1] https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
>
>> Is there any other risk than ssl
>> striping ?
>
> I think so, yes.
> The good thing about ssl-stripping attacks is, that it is easy
> to protect against and easy to detect (if you are aware). The catch is that
> most users are probably not aware.
> So when compared with all other types of attacks that malicious relays can perform,
> ssl-stripping is probably not the biggest worry.
>
>> After the long
>> discussion on the tor relay mailing list, what will be implemented as
>> a solution ?
>
> As far as I can see, nothing will change/be implemented in the near future
> at the Torproject or Tor directory authority level.
>
> for Roger's (long term) plan see:
> https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
> linked from
> https://blog.torproject.org/bad-exit-relays-may-june-2020
>
>
>> * is there / will there be things
>> implemented as a conclusion of the "call for support for proposal to
>> limit large scale attacks" ?
>
> Nothing came out of that thread.
>
>> * has it been possible to prepare / set
>> up precautions to avoid this king of situation
>
> I don't think anything has been implemented to prevent or reduce the risk of this from reoccurring.
Unfortunately, our OODA loops[1] on all development and funding actions
are devastatingly, catastrophically long. This is due in part to slow
funding cycles, and in part due to an internal debate over Agile vs
Waterfall methodology[2]. I am in the Agile camp. I believe that Agile
will help us respond to things like this in hours, days, or at most
weeks, rather than months and years. Agile is how I ran the Tor Browser
development.
We just signed a funding proposal that covers "network health", which in
theory covers network scanning to find and respond to problems like
this. However, the funding is scoped to scalability and performance
work. It will be a little bit of a stretch to cover this type of exit
scanning too, but at least we will have Tor Project staff allocated to
this kind of work now.
The proposal took 18 months of background planning from us, ~6 months of
background research from me, and a couple months of proposal review,
with one revision round. Because of these issues on both sides, it has
literally been years since we identified this problem area, and got
funding to act on it.
The good news is we start Monday.
1. https://en.wikipedia.org/wiki/OODA_loop
2. https://www.seguetech.com/waterfall-vs-agile-methodology/
--
Mike Perry
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays