[tor-relays] NSA knew about Heartbleed
Scott Bennett
bennett at sdf.org
Sun Apr 13 18:45:00 UTC 2014
Mateusz B?aszczyk <blahu77 at gmail.com> wrote:
>
> I am wondering that another effect of the heartbleed was increased TLS overhead, that I saw many times also before April-7.
> Unfortunately I do not store more than 7 files worth of logs:
>
> Apr 1 02:50:23 localhost Tor[394]: TLS write overhead: 7%
> Apr 1 08:51:35 localhost Tor[394]: TLS write overhead: 7%
> Apr 1 14:52:45 localhost Tor[394]: TLS write overhead: 7%
> Apr 1 20:53:52 localhost Tor[394]: TLS write overhead: 7%
> Apr 2 02:55:02 localhost Tor[394]: TLS write overhead: 7%
> Apr 2 08:56:08 localhost Tor[394]: TLS write overhead: 7%
> Apr 2 14:57:20 localhost Tor[394]: TLS write overhead: 7%
> Apr 2 20:58:28 localhost Tor[394]: TLS write overhead: 7%
> Apr 3 02:59:37 localhost Tor[394]: TLS write overhead: 7%
> Apr 3 09:00:44 localhost Tor[394]: TLS write overhead: 7%
> Apr 3 15:01:53 localhost Tor[394]: TLS write overhead: 7%
> Apr 3 21:03:04 localhost Tor[394]: TLS write overhead: 7%
> Apr 4 03:04:12 localhost Tor[394]: TLS write overhead: 7%
> Apr 4 09:05:22 localhost Tor[394]: TLS write overhead: 7%
> Apr 4 15:06:30 localhost Tor[394]: TLS write overhead: 7%
> Apr 4 21:07:39 localhost Tor[394]: TLS write overhead: 7%
> Apr 5 03:08:49 localhost Tor[394]: TLS write overhead: 7%
> Apr 5 09:09:58 localhost Tor[394]: TLS write overhead: 7%
> Apr 5 15:11:06 localhost Tor[394]: TLS write overhead: 7%
> Apr 5 21:12:16 localhost Tor[394]: TLS write overhead: 7%
> Apr 6 03:13:24 localhost Tor[394]: TLS write overhead: 7%
> Apr 6 09:14:33 localhost Tor[394]: TLS write overhead: 7%
> Apr 6 15:15:42 localhost Tor[394]: TLS write overhead: 7%
> Apr 6 21:16:52 localhost Tor[394]: TLS write overhead: 7%
> Apr 7 23:43:41 localhost Tor[523]: TLS write overhead: 6%
> Apr 8 05:43:41 localhost Tor[523]: TLS write overhead: 6%
> Apr 8 11:43:41 localhost Tor[523]: TLS write overhead: 6%
> Apr 8 23:06:23 localhost Tor[58851]: TLS write overhead: 41%
> Apr 9 05:06:23 localhost Tor[58851]: TLS write overhead: 37%
> Apr 9 11:06:23 localhost Tor[58851]: TLS write overhead: 29%
> Apr 9 17:06:23 localhost Tor[58851]: TLS write overhead: 23%
> Apr 9 23:06:23 localhost Tor[58851]: TLS write overhead: 19%
> Apr 10 05:06:23 localhost Tor[58851]: TLS write overhead: 18%
> Apr 10 11:06:23 localhost Tor[58851]: TLS write overhead: 14%
> Apr 10 17:06:23 localhost Tor[58851]: TLS write overhead: 8%
> Apr 11 02:00:13 localhost Tor[65758]: TLS write overhead: 6%
> Apr 11 08:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 11 14:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 11 20:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 12 02:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 12 08:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 12 14:00:13 localhost Tor[65758]: TLS write overhead: 5%
> Apr 12 20:00:13 localhost Tor[65758]: TLS write overhead: 5%
>
> Especially as it looks to be highly increased after the release of the vulnerability.
How can you tell that? tor did not log those messages back in 2012 when
the vulnerability was released.
> I am not sure I am on right track but it does look suspicious.
>
What would interest me would be to know whether the period of increased
TLS write overhead highlighted above involved hidden services directory
connections.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *or* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-relays
mailing list