[tor-relays] malicious exit relays by andrejgvozdev55 at gmail.com
Georg Koppen
gk at torproject.org
Tue Apr 13 18:50:40 UTC 2021
nusenu:
>> FWIW: we kicked a bunch of relays out of the network today which might
>> or might not contain any of those, hard to tell.
>
> Please publish the relay fingerprints that directory authorities remove, otherwise
> only the malicious entities get to learn and improve since they see the
> removal in their logfiles anyway but we tor users don't get to learn anything
> because it remains largely invisible to us.
That's a bit tricky because potential *other* attackers might be able to
learn things from our rejects if we are not careful. On the other hand,
transparency is very valuable, in particular in the bad-relays area
which is one of the least transparent areas in Tor (for good reasons,
though, see Roger's mail[1] from a couple of years back explaining the
dilemma we are in).
That said I think we could try publishing, with some delay, the
fingerprints we reject after seeing them involved in attacks. For
instance, we could have a monthly list of those fingerprints which we
publish, as a general rule of thumb[2], at the beginning of the
following month.
I think I'll find a place in our network-health wiki for that.
Thanks for the suggestion,
Georg
[1] https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
[2] There might be exceptions to that rule, though, for instance if an
attack starts at the end of the month and is still on-going during the
begin of the new one, or if we think the rejection is too close to the
end of that month and thus the delay I talked about above is too short.
In both and other cases those fingerprints will then get picked up at
the begin of the month following after that.
> Roger's email from 2020-10-31 is a good example that made further investigations possible.
>
> kind regards,
> nusenu
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20210413/9960ea7a/attachment.sig>
More information about the tor-relays
mailing list