Other node operators, could you please try your IP address? Perhaps this could explain the recent increase in connections?
Within 2 days of setting up a node at a new IP it was added to the extortionists over at SORBS :-/
A suggestion: maybe a new tor-node-moralfag-mailinglist should be set up so as to remove this soap opera from a technical mailing list.
_________________________________________________________________________
GnuPG Fingerprint: 7770 D186 A06E A329 2217 3161 63EB F269 37B8 8644
_________________________________________________________________________
That Guy wrote:
> to remove this soap opera from a technical mailing list.
"Soap opera"? Apparently you are missing the point.
Obviously malware writers will use Tor for various purposes, but connecting to a C&C via Tor would not make sense since they have the largest anonymising botnet themselves. Hence, this could indicate a new piece of malware has been created that contacts its C&C via Tor to hide the IPs of the infected PCs. That would be beneficial to hamper gathering statistics and cleanup.
Sorry, if that hypothesis is not technical enough for your taste. Glad to hear that you have figured out what is causing the circuit creation storm. Care to tell the rest of us?
> tor-node-moralfag-mailinglist
How nice...
// Yoriz
On Mon, 02 Sep 2013 21:39:35 +0000, Yoriz wrote:
> That Guy wrote:
>> to remove this soap opera from a technical mailing list.
> "Soap opera"? Apparently you are missing the point.
The soap opera was the part where someone tried to filter Tor traffic on moral grounds, which is obviously not feasible.
> Obviously malware writers will use Tor for various purposes, but connecting to a C&C via Tor would not make sense since they have the largest anonymising botnet themselves.
It would still be the question what the botnet is for - anonymization isn't usually the goal. Using a hidden service for C&C access gets you around all the stuff with fastflux deployment.
Which in turn makes me wonder: How much code change and deployment would it take to take down (as in 'make inaccessible via the Tor network') a given hidden service?
Andreas
tor-relays@lists.torproject.org