[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] RELAY_EARLY tor network update status (CVE-2014-5117)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have checked the whois records for the IP addresses of the outdated
relays which you earlier advised and found their providers. Opened
support requests and sent them a message.
Records were as follows:
93.174.90.30 support@xxxxxxxxxxx noc@xxxxxxxxxxx
82.165.197.129 support@xxxxxxxxx support@xxxxxxxxx
91.205.172.16 SUPPORT@xxxxxxxxxx
These 2 are in online.net network where they don't provide an email
address, you need account registered with them to contact them. Maybe
someone with account there can open a ticket and send the draft letter
provided below?
IPs of Online.net relays which need contacted (to include so they will
know which customers to notify):
195.154.243.53
195.154.226.66
Dear Provider,
I am a Tor supporter (www.torproject.org). I contact you with a request:
I have identified your customer with IP address <IP> runnig a Tor
relay to help the network (very nice) but unfortunately running an
outdated version for which we have a security CVE and there is a patch
available. Latest Tor release is 0.2.4.23 and your customer needs to
upgrade to this one. Patching the relay is a good practice which will
make the network safer. The bug discovered IS NOT CRITICAL so there
are no serious security threats (no cause to panic), but updating is
always better.
The reason I am contacting you (the provider) is that your customer
has not provided valid contact information in his Tor relay settings.
Can you please kindly forward this notification to your customer and
confirm that it was done? It is in the benefit of everyone, so it
won't get anyone annoyed.
I am sending you this message as an individual Tor supporter and not
on behalf of Torproject.org to which I am in no way related other than
supporting the network as a volunteer.
Thank you in advance for your cooperation and sorry for the approach
but I have no other way to reach your customer.
On 9/19/2014 12:00 AM, Nusenu wrote:
> (if you are on the CC list of this email you are probably one of
> the tor relay operators running one of the 10 fastest vulnerable
> [CVE-2014-5117] relays on the tor network. Please upgrade your tor
> relay)
>
>> The tor network is currently at 64% of the bandwidth being served
>> by relays running a recommended version according to
>> torstatus.blutmagie.de. I updated a previous metrics feature
>> request so we might see nice graphs about patching progress in
>> the future [2].
>
> Since we are seeing active RELAY_EARLY attacks again (or new buggy
> tor implemantations) I was wondering what the current update stats
> look like.
>
> ~85%* of the tor network's bandwidth is provided by patched
> relays. (~66% 0.2.4.23, ~11% 0.2.5.6-alpha, ~7% 0.2.5.7-rc)
>
> *) according to data from torstatus.blutmagie.de
>
>
> 10 fastest relays still running a vulnerable version:
>
> https://atlas.torproject.org/#details/EC98311F9EC02BEAA183651CE8402249CD036D0A
>
>
https://atlas.torproject.org/#details/D1271A1E15C568DA709D3A1E68188EEAE8DDB834
> https://atlas.torproject.org/#details/12AD30E5D25AA67F519780E2111E611A455FDC89
>
>
https://atlas.torproject.org/#details/1B9FACF25E17D26E307EA7CFA7D455B144B032E5
> https://atlas.torproject.org/#details/2F57987F3942BA0BBD706D623F1FF86A896842C2
>
>
https://atlas.torproject.org/#details/379FB450010D17078B3766C2273303C358C3A442
> https://atlas.torproject.org/#details/935BABE2564F82016C19AEF63C0C40B5753BA3D2
>
>
https://atlas.torproject.org/#details/B83DC1558F0D34353BB992EF93AFEAFDB226A73E
> https://atlas.torproject.org/#details/104A9453FD93BDBEAE9E2024898266AD2051A1BD
>
>
https://atlas.torproject.org/#details/C11650E31F83E149C855D574B3171CC9CF9BEE19
>
> _______________________________________________ tor-relays mailing
> list tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
- --
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUG1JpAAoJEIN/pSyBJlsRbgQH/0k2+9+U2EbVomPdMPvOvi94
wLcI7wGe7dUeOGHh746+0cZvUi5EtCX4T4JjeP8iUY0+uMiIw+iCcBekQNzSjieW
l78++e3HZ1e5CNZIJjAPRt1fPbba87DVF2ms8SjVCClDSjPxeSC7QZpNtNQonDIK
QZ7JZyNi0zn+nffd3i32pSh5YWJoIbI2GbF1RYNJwq906XuvFfagNokDZnRB56ko
bx2CPPWxVWLN5K9pkH4WXRaFCaX0o2KkijU+KvU+rsT3ukIWMhahIT19lX+mIzTA
KX08C42sH0V8+IxCjjWq6+wAaGj3EPRT4JyAaDAerB2cCqs3qMDMupMxUGxHvnQ=
=PpB0
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays