Hello.
I apologize for leaving some of the relevant information out of the 1st email. The relay operator did contact me, but I'm not him.
I've seen it from the client side, where all my relays starting with a US bridge automatically connect to 1 or both other nodes, which are also in the US. I've had all 3 of them, Guard, Middle and Exit, all US IPs, over and over and over again.
Changing bridges only works if the bridge is changed to a non-US IP. As soon as I change the bridge to 1 that hits a US IP, it automatically gives me a middle or exit or both in the US.
Later in the day I was contacted by a HS operator who said they had also witnessed strange relay behavior in the last 2 or 3 days. He subsequently has shut down his HS.
I've studied Tor for the last 5 years and have been an active penetration tester in the community for the last 2 years. Something feels wrong but I just can't put my finger on it.
Thank You For Your Time
0Day
-- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com
21. Jul 2017 18:00 by tor-relays-request@lists.torproject.org:
Today's Topics:
- Traffic Confimration Attacks/ Bad Relays (0dayshoppingspree@tutanota.com)
- Re: Traffic Confimration Attacks/ Bad Relays (Matt Traudt)
- Re: 100K circuit request per minute for hours killed my relay (Arisbe)
- Re: Traffic Confimration Attacks/ Bad Relays (Matt Traudt)
Message: 1
Date: Fri, 21 Jul 2017 18:12:25 +0200 (CEST)
From: <0dayshoppingspree@tutanota.com>
To: <tor-relays@lists.torproject.org>
Subject: [tor-relays] Traffic Confimration Attacks/ Bad Relays
Message-ID: <Kp_uyMv--3-0@tutanota.com>
Content-Type: text/plain; charset="utf-8"
Hello
A few users have detected suspicious activity around certain relays in the network. There could be Time Confirmation Attacks happening currently on the live Tor network.
If any Tor dev sees this, please start checking the US relays in the network.