[tor-dev] Should cloud-hosted relays be rejected?

nusenu nusenu at openmailbox.org
Tue Sep 1 17:23:35 UTC 2015 

>> I don't think banning GCE, AWS and MS Azure is an efficient method
>> to
>>> significantly increase the cost of attacks because it is trivial
>>> for an attacker to quickly spin up "a large number of disposable
>>> machines" at other ISPs as well.
> It has other benefits. Those big providers see a huge amount of exit
> traffic and can potentially do correlation against that.

I disagree on 'huge'.
If you worry about i.e. Amazon hosting to much exit bandwidth you have
to worry about many other* ASes first, and even then, banning them all
completely (exit prob = 0) isn't probably a wise strategy.







*)
+-----------+---------------------------------+
| exit_prob | AS_name                         |
+-----------+---------------------------------+
|     9.261 | OVH SAS                         |
|     7.629 | Avira B.V.                      |
|     6.239 | SOFTplus Entwicklungen GmbH     |
|     5.306 | Hetzner Online AG               |
|     4.013 | UK2 - Ltd                       |
|     3.563 | LeaseWeb B.V.                   |
|     3.316 | Voxility S.R.L.                 |
|     3.171 | Init7 (Switzerland) Ltd.        |
|     2.454 | NFOrce Entertainment BV         |
|     2.232 | CYBERDYNE                       |
|     2.174 | Association TETANEUTRAL.NET     |
|     2.111 | ALISTAR SECURITY SRL            |
|     2.018 | 31173 Services AB               |
|     1.852 | PlusServer AG                   |
|     1.831 | root SA                         |
|     1.713 | ONLINE S.A.S.                   |
|     1.703 | QuadraNet, Inc                  |
|     1.475 | ISPpro Internet KG              |
|     1.441 | Foreningen for digitala fri- oc |
|     1.427 | BlazingFast LLC                 |
|     1.377 | rrbone UG (haftungsbeschraenkt) |
|     1.288 | IP-EEND BV                      |
|     1.249 | WEDOS Internet, a.s.            |
|     1.240 | Abovenet Communications, Inc    |
|     1.181 | The Calyx Institute             |
|     1.169 | myLoc managed IT AG             |
|     1.024 | Digicube sas                    |
|     0.871 | Amazon.com, Inc.                | << Amazon
|     0.817 | Hurricane Electric, Inc.        |
|     0.799 | University of Michigan          |
+-----------+---------------------------------+
onionoo data from 2015-09-01 07:00:00

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150901/e2543e03/attachment.sig>

More information about the tor-dev mailing list