[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Bots, love 'em or hate 'em?
This is curious: Appears a large number of Tor
client-bots have set
UseEntryGuards 0
From current relays that have never had the guard flag:
extra-info moep DA8C1123CDB3ACD3B36CD7E7CEFBEA685DED2276
entry-ips us=360,de=296,fr=232,it=192,es=160,jp=104,ru=104,br=96,ir=96. . .
extra-info motor BBBBBAD453263D786EC34AB68A06214288910345
entry-ips us=392,de=352,fr=344,it=312,es=248,ru=136,br=128. . .ir=104. . .
extra-info BaconPancakes B5882F8BA0AA89BCA4101A893A6116006D229496
entry-ips de=832,us=800,fr=776,it=776,es=600,br=336,pl=304,gb=296. . .
And reaching back in time to a fast relay
at birth, twelve hours prior to receiving
the initial Guard flag assignment:
consensuses-2014-04/21/2014-04-21-23-00-00-consensus
====================================================
r bauruine202 9Zbhse+Y4d273JNNtyKvVAaYaPY yp4BOAjicQhv1Pb1RMAzbejupVw
s Fast HSDir Running Unnamed V2Dir Valid
v Tor 0.2.4.21
w Bandwidth=27100
server-descriptors-2014-04/c/a/ca9e013808e271086fd4f6f544c0336de8eea55c
=======================================================================
router bauruine202 62.210.137.230 8443 0 8080
platform Tor 0.2.4.21 on Linux
published 2014-04-21 22:04:49
fingerprint F596 E1B1 EF98 E1DD BBDC 934D B722 AF54 0698 68F6
uptime 620454 (7 DAYS 4 HOURS 21 MINUTES)
bandwidth 15728640 20971520 16192064
extra-info-digest D7E071CF34679666DD9D80AB5F24020522D63F00
extra-infos-2014-04/d/7/d7e071cf34679666dd9d80ab5f24020522d63f00
================================================================
extra-info bauruine202 F596E1B1EF98E1DDBBDC934DB722AF54069868F6
published 2014-04-21 22:04:49
entry-stats-end 2014-04-21 17:43:50 (86400 s)
!!!entry-ips de=57728,us=48520,es=44432,fr=39688,br=38264,it=32816. . .
Well over 100,000 client contacts here before
the Guard flag was ever assigned.
At 11:11 8/19/2015 -0400, you wrote:
>My relay says it receives about 50k v1/v2/v3
>connections each day to the 60k v4
>connections that come in.
>
>"Entry-ips" says it has about 35k guard-
>clients. Blutmagie says there are no
>pre-0.2.4 relays talking anything other
>than v4.
>
>So I'm left thinking that 95% or more of the
>bandwidth consumption and client count is from
>crusty old botnet bots running ancient versions
>of the Tor daemon.
>
>But all that bot traffic creates a lot
>of statistical "background noise," and
>so may be providing a service in making
>it more difficult for advanced adversaries
>to perform traffic correlation analysis.
>
>Thoughts anyone?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays