[metrics-team] Report on protecting Tor from Sybil attacks

nusenu nusenu at openmailbox.org
Sun Feb 28 01:05:44 UTC 2016


>> Another question that comes up is: How do you tell benign Sybils apart
>> from non-benign Sybils?
> 
> That's not always possible. 

Yes (if possible at all).


>> Cross-checking with some OrNetRadar [1] emails:
>>
>> Jan 2016 cloudvps family size: 61 vs 97
>> http://article.gmane.org/gmane.network.onion-routing.ornetradar/854
>> (if we ignore non-running relays, up=0, then the counts match)
> 
> The numbers in Table 2 are the total number of fingerprints we have
> observed.

> Sybilhunter generally considers relays without the valid flag.

OK, since sybilhunter requires perfect uptime matches it will never
aggregate relays that did not join with the same consensus - when the
uptime method is used. (That excludes the 35 cloudvps relays that joined
one hour later.)

Consensus 2016-01-07-15-00-00 contains 62 relays named "cloudvps",
sybilhunter detected 61 relays.
This is the relay that didn't trigger:

> r cloudvps AsrpPVTec+G0CA+UeFdf+NmE67A bAmCsE17yU/tQrawOKjmrMZWPh0 2016-01-07 14:35:03 185.3.211.244 9001 9030
> s Running V2Dir Valid
> v Tor 0.2.7.6
> w Bandwidth=0 Unmeasured=1
> p accept 22,80,443,8080

So I can only assume that this relay did not have the same uptime
pattern even though it joined with the same consensus.

Is there an observation window size for the uptime method or are relays
required to have matching uptimes across their entire lifetime?


https://collector.torproject.org/archive/relay-descriptors/consensuses/consensuses-2016-01.tar.xz
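
A simplified model of the exact-match uptime grouping discussed in this message, added here as an illustration (it is not sybilhunter's code and not part of the original email). It parses `r`/`s` lines from constructed consensus snippets and groups relays by identical presence pattern; the function names, identities, digest and address are all hypothetical.

```python
from collections import defaultdict

def running_relays(consensus_text):
    """Return the set of identities that carry the Running flag."""
    running, current = set(), None
    for line in consensus_text.splitlines():
        parts = line.split()
        if len(parts) >= 9 and parts[0] == "r":
            current = parts[2]                 # base64 identity from the "r" line
        elif parts and parts[0] == "s" and current is not None:
            if "Running" in parts[1:]:
                running.add(current)
            current = None
    return running

def uptime_groups(consensuses, min_size=2):
    """Group relays whose presence pattern over all consensuses is identical."""
    seen = [running_relays(c) for c in consensuses]
    by_pattern = defaultdict(list)
    for ident in set().union(*seen):
        by_pattern[tuple(ident in s for s in seen)].append(ident)
    return {p: sorted(m) for p, m in by_pattern.items() if len(m) >= min_size}

def entry(ident, nick="cloudvps"):
    # Constructed status entry; identity, digest and address are placeholders.
    return (f"r {nick} {ident} DIGEST 2016-01-07 14:35:03 192.0.2.1 9001 9030\n"
            "s Running V2Dir Valid\n")

# Constructed hourly consensuses (not real data): A and B join together,
# C joins one hour later, D joins with A and B but misses one hour.
SAMPLE = [
    entry("OLD", "other"),
    entry("OLD", "other") + entry("A") + entry("B") + entry("D"),
    entry("OLD", "other") + entry("A") + entry("B") + entry("C"),
    entry("OLD", "other") + entry("A") + entry("B") + entry("C") + entry("D"),
]

if __name__ == "__main__":
    for pattern, members in uptime_groups(SAMPLE).items():
        print("".join("1" if up else "0" for up in pattern), members)
```

Only A and B end up in one group: the late joiner C and the relay D with a single missed hour each have a unique pattern, which is the blind spot of exact matching raised above.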
