[tor-relays] Recent rejection of relays

Georg Koppen gk at torproject.org
Wed Dec 1 13:32:23 UTC 2021


Georg Koppen:
> Hello everyone!
> 
> Some of you might have noticed that there is a visible drop of relays on 
> our consensus-health website.[1] The reason for that is that we kicked 
> roughly 600 non-exit relays out of the network yesterday. In fact, only 
> a small fraction of them had the guard flag, so the vast majority were 
> middle-only relays. We don't have any evidence that these relays were 
> doing any attack, but there are attacks possible which relays could 
> perform from the middle position. Therefore, we decided we'd remove 
> those relays for our users' safety sake.
> 
> While we were already tracking some of the relays for a while, a big 
> chunk of them was also independently reported by a cypherpunk and nusenu 
> helped analyze the data. Thanks to both of them from our side.
> 
> For what it is worth: a large part of those relays did not set any valid 
> contact info and/or when we tried to contact some of the relays' 
> operators the emails bounced. However, we sometimes need to have ways to 
> reach relay operators, be it for debugging purposes or for helping them 
> with relay misconfiguration. Thus, please set a valid contact info when 
> running relays.
> 
> Finally, anyone running relays: try to get connected to the community so 
> we can build some trust among each other. That seems to be an essential 
> part in our long-term strategy to fight bad relays trying to enter our 
> network.

For anyone wondering when a blog post will show up related to the 
rejections I wrote about above, it seems nusenu has written one:

https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8

Make sure to scroll down to the Appendix, though, if you want to see 
graphs which actually show this rejection. The very first one is 
confusing as it seems to imply the attacker is still on the network/the 
attack is ongoing. But that's not the case as far as we know.

An important thing to note as well is making sure *not* to actually use 
the proposed self-defense as-is. It's not mentioned in the blog post but 
at the repository linked to:

"""
NOTE: This PoC is NOT fit for general use and not meant to be used by 
end-users!
"""

We have not finished our analysis for the relay group nusenu is talking 
about in the blog post, so not sure yet about the findings mentioned 
there. However, it's nice to see external parties being as vigilant as 
we in trying to make sure our users have a safe Tor experience. More of 
that please. :)

Georg