2017-06-07 15:37: 65 new tor exits in 30 minutes
DocTor [1] made me look into this. _All_ 65 relays in the following table have the following characteristics: (not shown in the table to safe some space) - OS: Linux - run two instances per IP address (the number of relays is only odd because in one case they created 3 keys per IP) - ORPort: random - DirPort: disabled - Tor Version: 0.2.9.10 - ContactInfo: None - MyFamily: None - Joined the Tor network between 2017-06-07 15:37:32 and 2017-06-07 16:08:54 (UTC) - Exit Policy summary: {u'reject': [u'25', u'119', u'135-139', u'445', u'563', u'1214', u'4661-4666', u'6346-6429', u'6699', u'6881-6999']} - table is sorted by colmns 3,1,2 (in that order) - Group diversity: - 20 distinct autonomous systems - 18 distinct countries https://gist.githubusercontent.com/nusenu/81337aed747ea5c7dec57899b0e27e94/r... Relay fingerprints are at the bottom of this file. This list of relays is NOT identical to the one from DocTor (even though the number is identical (65)): [1] https://lists.torproject.org/pipermail/tor-consensus-health/2017-June/007968... https://twitter.com/nusenu_/status/872536564647198720 -- https://mastodon.social/@nusenu https://twitter.com/nusenu_
On 07 Jun (19:41:00), nusenu wrote:
DocTor [1] made me look into this.
_All_ 65 relays in the following table have the following characteristics: (not shown in the table to safe some space)
Yah, we got a report on bad-relays@ as well... We are looking into this but seems there is a distinctive pattern for most of them. David
- OS: Linux - run two instances per IP address (the number of relays is only odd because in one case they created 3 keys per IP) - ORPort: random - DirPort: disabled - Tor Version: 0.2.9.10 - ContactInfo: None - MyFamily: None - Joined the Tor network between 2017-06-07 15:37:32 and 2017-06-07 16:08:54 (UTC) - Exit Policy summary: {u'reject': [u'25', u'119', u'135-139', u'445', u'563', u'1214', u'4661-4666', u'6346-6429', u'6699', u'6881-6999']} - table is sorted by colmns 3,1,2 (in that order)
- Group diversity: - 20 distinct autonomous systems - 18 distinct countries
https://gist.githubusercontent.com/nusenu/81337aed747ea5c7dec57899b0e27e94/r...
Relay fingerprints are at the bottom of this file.
This list of relays is NOT identical to the one from DocTor (even though the number is identical (65)): [1] https://lists.torproject.org/pipermail/tor-consensus-health/2017-June/007968...
https://twitter.com/nusenu_/status/872536564647198720
-- https://mastodon.social/@nusenu https://twitter.com/nusenu_
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- F3vakg18tijjqFR690AknN2mb+hDT7jRDxYnpDPmVjY=
On Wed, Jun 07, 2017 at 03:50:54PM -0400, David Goulet wrote:
On 07 Jun (19:41:00), nusenu wrote:
DocTor [1] made me look into this.
_All_ 65 relays in the following table have the following characteristics: (not shown in the table to safe some space)
Yah, we got a report on bad-relays@ as well... We are looking into this but seems there is a distinctive pattern for most of them.
Update: we set things in motion this afternoon to cut the relays out of the network. Also, we have a plausible guess about where they came from, and we contacted the company that we think controls the IP addresses, so they can figure it out / clean up as needed. Thanks! --Roger
Roger Dingledine:
we have a plausible guess about where they came from, and we contacted the company that we think controls the IP addresses, so they can figure it out / clean up as needed.
Interesting. I'm curious, how did you link the IP addresses to the company? Is your guess that the company set up relays or that someone used that company's servers to setup relays? ("clean up" sounds like someone used their servers in an unauthorized way) -- https://mastodon.social/@nusenu https://twitter.com/nusenu_
On Thu, Jun 8, 2017 at 12:15 AM, Arisbe <arisbe@cni.net> wrote: Content-Type: text/html :(
Seems like none of us have the time to research these events or those before. If people can't play by written and unwritten rules regarding Tor contact info, family members, etc. and they 'could' be a danger to anonymity, why does Tor bother with them? If people are sincere about helping the Tor network, they will express that in their offers--otherwise, as in this situation, they should be removed until sufficient information is provided.
Both anonymity and nymity provide strengths and weakness to networks. Certainly everyone can imagine some. In that understanding, finding / creating "good" relays is as useful as hunting for "bad" relays. As before, if some set of rules and metrics might be felt important to you or others in choosing relays to use, why not start a project to collate and publish lists of relays based on that, then users can subscribe it. Thanks to the appreciated efforts of those volunteering their time and research to find things, these relays are up for a fat k-line real soon now :)
participants (5)
-
Arisbe -
David Goulet -
grarpamp -
nusenu -
Roger Dingledine