[tor-bugs] #5039 [Analysis]: What's up with the sybil attack from 0.2.2.32 relays?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Feb 7 15:54:51 UTC 2012
#5039: What's up with the sybil attack from 0.2.2.32 relays?
----------------------+-----------------------------------------------------
Reporter: arma | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Analysis | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by atagar):
Um... I pointed those out almost a month ago ("Automated exit setup?" on
January 18th), I also tried to remind people about this in my monthly
report without much success. Do we want trac tickets for bad exit reports
instead?
Here's the January email I sent which gives more context on these:
Three times now I've seen an odd burst in exits. Here's their attributes:
- policies are for 80/443, without any contact info
- the nickname is a string of eight random lowercase letters
- in the instances I checked they're running git-8522652d8e9213d4
- the relays in a single burst are from the same subnet, but bursts differ
from each other
When I checked the intersection of the git sha1 and nicknames I got a set
of 41 relays (see below). Over all there seemed to be 141 relays with that
sort of nickname pattern though many could be false positives. This
definitely feels like an automated exit setup - maybe tor exits are being
set up throughout some college labs?
----------------------------------------
router ntkhkzec 195.43.95.140 80 0 0
router qfqujolk 31.31.199.85 88 0 0
router rxqxwoxe 195.43.95.143 80 0 0
router zcycbjmz 188.143.232.185 80 0 0
router qyjosdyd 81.177.169.103 80 0 0
router aucxiymi 188.143.233.90 80 0 0
router nkolifbc 81.177.170.123 80 0 0
router frrhvdvo 195.43.95.170 80 0 0
router zxgnqfzu 188.143.232.186 80 0 0
router ojvhkmtn 81.177.170.117 80 0 0
router oentxysy 195.43.95.142 80 0 0
router aygxibjq 195.43.95.169 80 0 0
router dwexhujv 188.143.232.86 80 0 0
router ukycscgk 195.43.95.144 80 0 0
router dhzocibw 81.177.169.123 80 0 0
router tgywrqdg 195.43.95.147 80 0 0
router gksrwwqk 188.143.233.75 80 0 0
router anqziwwf 188.143.233.185 80 0 0
router usmgyadv 195.43.95.171 80 0 0
router rlomobbq 188.143.233.89 80 0 0
router dlrlzdgz 195.43.95.148 80 0 0
router hmynhcfo 81.176.237.109 80 0 0
router dgnlvnml 195.43.95.175 80 0 0
router wxrbychr 81.177.169.113 80 0 0
router vglbujiu 195.43.95.172 80 0 0
router bjrjcjgo 188.143.232.89 80 0 0
router zjjkxodl 188.143.233.183 80 0 0
router moaivzcd 81.177.170.103 80 0 0
router grxvgukd 195.43.95.149 80 0 0
router ydeirwvt 195.43.95.141 80 0 0
router bowtzogi 188.143.232.188 80 0 0
router heqqjacu 195.43.95.145 80 0 0
router eewnumut 188.143.232.87 80 0 0
router xgryuwkq 195.43.95.168 80 0 0
router ebqeqqci 195.43.95.173 80 0 0
router ejfahamw 195.43.95.167 80 0 0
router zzvhctid 195.43.95.174 80 0 0
router mtfoglfy 188.143.233.184 80 0 0
router vkhnqmrz 188.143.233.74 80 0 0
router hhusrjuj 195.43.95.146 80 0 0
router urcfijmz 188.143.232.187 80 0 0
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5039#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list