[tor-relays] malicious exit relays by andrejgvozdev55 at gmail.com
gk at torproject.org
Tue Apr 13 18:50:40 UTC 2021
>> FWIW: we kicked a bunch of relays out of the network today which might
>> or might not contain any of those, hard to tell.
> Please publish the relay fingerprints that directory authorities remove, otherwise
> only the malicious entities get to learn and improve since they see the
> removal in their logfiles anyway but we tor users don't get to learn anything
> because it remains largely invisible to us.
That's a bit tricky because potential *other* attackers might be able to
learn things from our rejects if we are not careful. On the other hand,
transparency is very valuable, in particular in the bad-relays area
which is one of the least transparent areas in Tor (for good reasons,
though, see Roger's mail from a couple of years back explaining the
dilemma we are in).
That said, I think we could try publishing, with some delay, the
fingerprints we reject after seeing them involved in attacks. For
instance, we could have a monthly list of those fingerprints which we
publish, as a general rule of thumb, at the beginning of the
I think I'll find a place in our network-health wiki for that.
Thanks for the suggestion,
There might be exceptions to that rule, though, for instance if an
attack starts at the end of the month and is still on-going during the
beginning of the new one, or if we think the rejection is too close to the
end of that month and thus the delay I talked about above is too short.
In both and other cases those fingerprints will then get picked up at
the beginning of the month following after that.
> Roger's email from 2020-10-31 is a good example that made further investigations possible.
> kind regards,