I just got this sent to me, not sure if it is legit or not. I'm going to assume the worst for now, thought I'd send it out here for discussion and as a heads up for anyone who hasn't yet gotten one of these. I'm hesitant to run anything from someone wanting to do a "study" on Tor Relays. Message forwarded below.
-------- Original Message --------
Subject: Tor Survey
Date: Wed, 11 Jan 2012 11:47:35 +0100 (CET)
From: Marco Valerio Barbera barbera@dsi.uniroma1.it
To: tor@brwyatt.net
Dear Tor Relay Administrator,
my name is Marco Valerio Barbera, I am a PhD student in Computer Science at La Sapienza University of Rome and I am currently doing a research study on the security of the Tor Network in collaboration with Angelos Keromytis, head of the Network Security Lab at Columbia University.
You are receiving this message because your e-mail address is associated to the Tor Relay(s) with nickname(s) and address(es):
brwyatt1 96.226.232.75
A new DoS attack has recently been discovered that could allow an adversary to stop one or more Tor Relays from participating and providing service to the Tor Network. This kind of attack poses a potential threat to the hundreds of thousands of users around the globe that use Tor every day. For instance, an adversary may be able to shut down a substantial part of the Tor Network, forcing users to surf the web in a traceable way. In an even worse scenario, an adversary may attract a big part of the data flowing through the Tor Network to one or more malicious Tor Relays that could, thus, cooperate in deanonymizing Tor traffic without being noticed by the users.
The aim of our study is that of evaluating the amount of resources an adversary would need to perform such an attack and what would be the actual damage that the Tor Network would suffer. At the same time, we are working on a patch to be applied to the Tor software that could mitigate this issue.
The reason you are receiving this message is that, to improve our study, we require some extra information about the Relay(s) you are running that, unfortunately, is not publicly available. We would therefore like to ask a very little, but precious, help from your side in collecting this information and sharing it with us. Note that the information we need is *not* related in any way with the traffic that you are relaying in this moment or have relayed in the past, thus it cannot be directly used to affect the privacy of the Tor users. What we are interested in is related to the hardware characteristics (e.g., number of physical CPUs, amount of memory) and with some of the configuration parameters of your Tor Relay (e.g., number of processors the Tor Relay can use, bandwidth limit).
In the case you agree to help us, collecting this information won't steal much of your precious time. In order to make it easier for you to get it, you will find on the website linked at the end of this message a small shell script that you can run on the Tor Relay(s) themselves or, if possible, on another machine with the *same* hardware specs. The script doesn't need any special (i.e., root) permission to run, it won't download anything from the network, nor will it install any software on your machine. We also commented it so as to make it easier for you to understand it in case you wanted to check what is the exact sequence of operations it will perform and information it will collect. Any data saved by the shell script will be available in a human readable text format stored in an output directory you will specify. We encourage you to use the public key you will find on the bottom of this message to encrypt the data collected by the script before sending it to us. You can get the same public key on the website linked at the end of this message. We would like to assure you that we will take extraordinary care in protecting in the best way we can the privacy of any information you will decide to share with us. We want also to assure you that, in the event it will be published, any data you will provide us will be carefully anonymized and given only in terms of aggregated statistics.
Together with the script, you will find a README file containing detailed instructions on how to use it and how to encrypt the results before sending them to us.
We thank you for your kind attention.
Best regards,
Marco Valerio Barbera
You can find the script and the public key in any of these locations:
https://sites.google.com/site/marcobarbera/tor-survey
http://www.dsi.uniroma1.it/~barbera/tor-survey.html
---
NOTICE
This is an autonomous study, not supported either directly or indirectly by the Tor Project Inc. The Tor Project Inc. is not responsible for any content of this message.
On Wed, Jan 11, 2012 at 11:07 PM, Tor Relays at brwyatt.net tor@brwyatt.net wrote:
> thought I'd send it out here for discussion and as a heads up for anyone who hasn't yet gotten one of these. I'm hesitant to run anything from someone wanting to do a "study" on Tor Relays. Message forwarded below.
https://lists.torproject.org/pipermail/tor-talk/2012-January/022754.html
On Thu, Jan 12, 2012 at 02:07:13AM +0000, Tor Relays at brwyatt.net wrote:
> I just got this sent to me, not sure if it is legit or not. I'm going to assume the worst for now, thought I'd send it out here for discussion and as a heads up for anyone who hasn't yet gotten one of these. I'm hesitant to run anything from someone wanting to do a "study" on Tor Relays. Message forwarded below.
There's some discussion on tor-talk.
https://lists.torproject.org/pipermail/tor-talk/2012-January/thread.html#227...
-andy
tor-relays@lists.torproject.org