Paris S papasierra88@gmail.com wrote:
Interesting. Could this be a part of what the leaked documents were referring to as "groundbreaking capabilities" a few months back?
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html...
https://www.eff.org/document/2013-09-05-guard-bullrun
I don't know the answer to your question. However, there is a problem that has come up on this list a number of times in the last few years that has never been resolved, and that is the sporadic, sudden mobbing of relays by tens to hundreds of times as many incoming connections as those relays normally get, often for up to several hours at a time. Systems whose CPUs are not powerful enough to keep up with the heavy influx of onions to be peeled become bogged down, sometimes to the point of their kernel listen queues overflowing and X servers becoming unresponsive. AFAIK, no one has ever figured out exactly what causes these mobbing events, although I have suspected (for purely circumstantial reasons) since shortly after they began happening that they were connected somehow to hidden services. Until very recently two things in particular about these mobbing events bothered me and remained unresolved:
1) if the mobbing events are related to hidden services, are they in connection to relays being used as rendezvous nodes? Or are they instead connected to running as a hidden service directory?
2) are the mobbing events due to a bug or design error? Or are they instead some sort of intentional attack?
Now I think I can both confirm the suspicion that the mobbing is indeed connected somehow to hidden services and specifically to relays running hidden services directories. Since I changed
HidServDirectoryV2 1
to
HidServDirectoryV2 0
some weeks ago, there has been no sign of my relay being mobbed in the manner described above, whereas formerly the mobbing events were quite frequent, often beginning several times per day and sometimes beginning before an earlier mobbing event had subsided. My conclusion is that the massive (in relation to the background) rates of inbound connections are accesses to the hidden services directory part of a tor relay. Since becoming aware of Heartbleed a few days ago, I have been wondering whether the NSA or some other criminal group(s) or individual(s) might be using untraceable connections to HSDir-flagged relays to acquire lots of memory contents illegally with relay operators noticing the events mainly because of their deleterious effects on system performance.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *or*   bennett at freeshell.org   *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************