[tor-relays] traffic pattern indicates MITM?

Aaron aagbsn at extc.org
Mon Nov 19 19:08:38 UTC 2012


On Mon, Nov 19, 2012 at 7:29 AM, ea <ea at riseup.net> wrote:
> For four days the BW graph and usage table of my bridge indicated
> noticeable traffic and then the graph dropped precipitously to near
> zero & the table shows no recent usage. Vidalia/tor are working fine. I
> did try rebooting my router-modem gateway last night, but as far as I
> could monitor it, the traffic has still been near zero (maybe a few KB
> every hour or so). If I'm reading it correctly, onionoo is showing that
> the bridge is still published.
>
> I'm not complaining about this pattern, but wondering if the abrupt
> drop-off in traffic for a still-published bridge is diagnostic of MITM
> activity. Maybe there's a way to further monitor my bridge from within
> the network? If MITM is suspected, should I shut down the bridge for a
> day or so?

I'd be surprised if that's the case. Could you take a look at the
bridge stats file and see where most of your users were connecting
from? It could be that your bridge was blocked in those countries. See
the file: /var/lib/tor/stats/bridge-stats.

--Aaron
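
The check suggested in the reply above, as an added example that is not part of the original message: a parser for the `bridge-stats-end` and `bridge-ips` lines of the bridge-stats file, plus a comparison of two intervals to list countries whose users disappeared. The snapshot contents are constructed, and the comparison assumes the operator kept a copy of an earlier interval, since Tor rewrites the file.

```python
import re
from datetime import datetime

# Constructed snapshots in the bridge-stats format (not data from the thread).
# Tor rewrites this file once per interval, so comparing two intervals
# assumes the operator saved a copy of the earlier one.
EARLIER = """bridge-stats-end 2012-11-17 19:00:00 (86400 s)
bridge-ips ir=32,sy=16,us=8
"""
LATER = """bridge-stats-end 2012-11-18 19:00:00 (86400 s)
bridge-ips us=8,de=8
"""

END_RE = re.compile(r"^bridge-stats-end (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \((\d+) s\)$")

def parse_bridge_stats(text):
    """Return (interval_end, interval_seconds, {country_code: rounded_count})."""
    end = seconds = None
    ips = {}
    for line in text.splitlines():
        line = line.strip()
        m = END_RE.match(line)
        if m:
            end = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            seconds = int(m.group(2))
        elif line.startswith("bridge-ips"):
            body = line[len("bridge-ips"):].strip()
            for pair in filter(None, body.split(",")):
                cc, _, n = pair.partition("=")
                ips[cc] = int(n)  # malformed pairs raise ValueError
    if end is None:
        raise ValueError("no bridge-stats-end line found")
    return end, seconds, ips

def vanished_countries(earlier, later):
    """Countries present in the earlier interval and absent from the later
    one, largest first. Tor reports rounded counts, so treat them as rough."""
    gone = {cc: n for cc, n in earlier.items() if cc not in later}
    return sorted(gone.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    _, _, before = parse_bridge_stats(EARLIER)
    end, secs, after = parse_bridge_stats(LATER)
    print("interval ending", end, "covered", secs, "s:", after)
    for cc, n in vanished_countries(before, after):
        print(f"{cc}: ~{n} unique IPs earlier, none now")
```

A country that accounted for most users in one interval and is missing from the next fits the blocking explanation given in the reply; it does not by itself prove it.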