[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
Sharif Olorin
sio at tesser.org
Sun Aug 9 06:44:25 UTC 2015
> I would expect most US universities to be logging netflow in the very
> least. Even if the Tor operator isn't keeping logs, it seems safe to assume
> the network operator is.
I'd be surprised if it was different for non-US universities - I'd
expect this to be the case for every university with its own AS, and
probably most without. It's not specific to universities either; it
would be a rare ISP that doesn't retain netflow for traffic accounting
purposes. It's often somewhat aggregated, but to varying degrees - the
last such system I worked on was designed to retain indefinitely at
sub-minute granularity for training/crossvalidation of network anomaly
detection.
I'd be curious to know if anyone is running a relay that's not logged
at all within its own AS; it seems like it'd be out of the reach of
most operators, unless they have a friendly employer.
Sharif
--
OpenPGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150809/462ae542/attachment.sig>
More information about the tor-relays
mailing list