Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- From: Georg Koppen <gk@xxxxxxxxxxxxxx>
- Date: Mon, 5 Oct 2020 14:15:16 +0000
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Mon, 05 Oct 2020 10:15:46 -0400
- In-reply-to: <ca4a189a-c448-d83f-5957-5c1c9fc63fb6@torproject.org>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <20200928210041.GB66837@mail.blenno.link> <v-Lefb6gnLFyOS0pg6J03DGKAmhUYKVDC8r2yRKWcnqew0XKGS7ievY0gBZ7YSFNyOOZ4BIoX3MSYP0ecbduZQ==@protonmail.internalid> <VB4WQre7UnJqicK95V3JyqrV5jB2caFDrq3WRTzre-mWTXijDrEVnjw1vb-fy6pS0QVW4h7qr-TXBi3Hwnakvg==@protonmail.conversationid> <07d5a9b7-cc3b-795d-a410-53165f63fb11@riseup.net> <ca4a189a-c448-d83f-5957-5c1c9fc63fb6@torproject.org>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Mike Perry:
> On 10/3/20 6:38 AM, nusenu wrote:
>>> Me and several tor relay operator friends have questions about
>>> Malicious Tor exit nodes. How do you define a node as malicious?
>>
>> In the particular case (at least the initial detection): Traffic manipulation at the exit relays.
>>
>>> How bad is the situation now?
>>
>> This group [1] is still rather active and at this point they run a 3 digit number
>> of relays, but it is not the only malicious group that is active on the Tor network and
>> might not even be the group I worry about the most.
>>
>> [1] https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
>>
>>> Is there any other risk than ssl
>>> stripping?
>>
>> I think so, yes.
>> The good thing about ssl-stripping attacks is that it is easy
>> to protect against and easy to detect (if you are aware). The catch is that
>> most users are probably not aware.
>> So when compared with all other types of attacks that malicious relays can perform,
>> ssl-stripping is probably not the biggest worry.
>>
>>> After the long
>>> discussion on the tor relay mailing list, what will be implemented as
>>> a solution?
>>
>> As far as I can see, nothing will change/be implemented in the near future
>> at the Torproject or Tor directory authority level.
>>
>> for Roger's (long term) plan see:
>> https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
>> linked from
>> https://blog.torproject.org/bad-exit-relays-may-june-2020
>>
>>
>>> * is there / will there be things
>>> implemented as a conclusion of the "call for support for proposal to
>>> limit large scale attacks"?
>>
>> Nothing came out of that thread.
>>
>>> * has it been possible to prepare / set
>>> up precautions to avoid this kind of situation
>>
>> I don't think anything has been implemented to prevent or reduce the risk of this from reoccurring.
>
> Unfortunately, our OODA loops[1] on all development and funding actions
> are devastatingly, catastrophically long. This is due in part to slow
> funding cycles, and in part due to an internal debate over Agile vs
> Waterfall methodology[2]. I am in the Agile camp. I believe that Agile
> will help us respond to things like this in hours, days, or at most
> weeks, rather than months and years.

If one has folks working on the topic, maybe. But that was and is not
the problem here. We did not have a bunch of engineers who messed up
their Waterfall model. We had and still don't have (as of me writing
this mail) anyone being assigned to work on that.

So, Agile or whatever would not have helped us in that scenario.

Georg