Dear all,
I was made aware today of the article be nusenu [1]. Please read it.
So even I theoretically new Sybil attack scenario against the tor network - I never was aware it could affect so much of the tor network infrastructure: "At their peak they reached >10% of the Tor network’s guard capacity".
The article leaves me with some thoughts:
+ Due to the natrue of the tor network the problem can never be solved by 100%
+ How can the tor network be improved to be more resilient against this attach (Software & Operation)
+ Is there currently already activity ongoning by the tor project and how can we as organizations and operators support it
best regards
Dirk Tor support team digitale-gesellschaft.ch
[1] https://medium.com/@nusenu/the-growing-problem-of-malicious-relays-on-the-to...
The main issue I see here is the 10%. Thats a really big chunk. They were bigger than me :( I also mailed the Tor Project after Nusenu did not receive an answer. This has to be much faster in the future.
On 9. Dec 2019, at 20:26, Dirk tor-relay.dirk@o.banes.ch wrote:
Dear all,
I was made aware today of the article be nusenu [1]. Please read it.
So even I theoretically new Sybil attack scenario against the tor network - I never was aware it could affect so much of the tor network infrastructure: "At their peak they reached >10% of the Tor network’s guard capacity".
The article leaves me with some thoughts:
- Due to the natrue of the tor network the problem can never be solved
by 100%
- How can the tor network be improved to be more resilient against this
attach (Software & Operation)
- Is there currently already activity ongoning by the tor project and
how can we as organizations and operators support it
best regards
Dirk Tor support team digitale-gesellschaft.ch
[1] https://medium.com/@nusenu/the-growing-problem-of-malicious-relays-on-the-to...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi!
Let me use this mail to reply to both niftybunny's and Dirk's points as they are kind of related.
niftybunny:
The main issue I see here is the 10%. Thats a really big chunk. They were bigger than me :( I also mailed the Tor Project after Nusenu did not receive an answer. This has to be much faster in the future.
We plan to make needed improvements here, yes, see below.
On 9. Dec 2019, at 20:26, Dirk tor-relay.dirk@o.banes.ch wrote:
Dear all,
I was made aware today of the article be nusenu [1]. Please read it.
So even I theoretically new Sybil attack scenario against the tor network - I never was aware it could affect so much of the tor network infrastructure: "At their peak they reached >10% of the Tor network’s guard capacity".
The article leaves me with some thoughts:
- Due to the natrue of the tor network the problem can never be solved
by 100%
- How can the tor network be improved to be more resilient against this
attach (Software & Operation)
I think there are plenty of improvements possible both on the software and the operation's side.
nusenu's points at the end of the medium post are good ones for getting the discussion started. In general, it makes a lot of sense to adjust requirements for getting the various relay flags. There are some informal proposals and ideas floating around and I hope we can consolidate those early next year to then have a proposal up for wider discussion.
Another angle we should try to focus on is detecting attacks earlier and acting on them in a timely manner. I hope we can try to improve in that area by incorporating all the bad relay activities into the (upcoming) network-health team and having people working full-time in that field coordinate all the efforts so that we are spending our scarce resources more effectively.
- Is there currently already activity ongoning by the tor project and
how can we as organizations and operators support it
There have been a lot of efforts going on from the Tor Project side in dealing with bad relays. However, those were and are mostly done by volunteers who are doing a great job. Roger posted roughly a year ago[1] a potential roadmap for a potential network-health team. While the roadmap is still not done yet we made progress during this year in setting up such a team. It will be officially starting to work next month being a first-class citizen among all the other Tor Project teams, which means regular open meetings, an own mailing list[2], community participation etc. Please check that out if you are interested as we need help as always. :)
Without going into detail in this mail about all the things the network team currently thinks to focus on, suffice it to say making our bad relay prevention/detection/action more streamlined and effective is one of the most important things on its agenda.
As to how organizations/operators running relays can support dealing with bad relays I am not sure. I think setting ContactInfo and where appropriate the MyFamily flag and similar means is a good move here. Then strengthening the relay community by having relay operator meetups seems to be a good idea as well. Furthermore, I suspect we'll need relay operator input for specific bad relay related proposals and discussions I alluded to above. So, please participate.
Georg
[1] https://lists.torproject.org/pipermail/tor-project/2018-December/002138.html [2] https://lists.torproject.org/cgi-bin/mailman/listinfo/network-health
tor-relays@lists.torproject.org