[tor-relays] botnet? abusing/attacking guard nodes by openssl?

teor teor2345 at gmail.com
Wed Dec 20 20:48:21 UTC 2017


> On 21 Dec 2017, at 06:48, Felix <zwiebel at quantentunnel.de> wrote:
> 
> Hi everybody
> 
>> * if all 65535 connections on an IP were open to the Tor network, and
>> * the biggest Tor Guard has 0.91% Guard probability[0], then
>> * it would expect to see 597 connections.
> 
> Sorry if this is a silly question, but do we know if these are Tor
> clients connecting to our guards? We see many connects but not many circuits.

Some of us have analysed the details of this attack on our relays.
The clients perform SSL, the Tor link protocol, and parts of the circuit protocol.
Are they real Tor clients? Possibly not.

We're working on a fix, please see this email for details:
https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html

T