[tor-relays] Recent rejection of relays

Georg Koppen gk at torproject.org
Thu Dec 2 09:11:47 UTC 2021


abuse department:
> Could you please list me the massive malicious actor networks that the Tor Project found out by itself in the last years?

I am not sure what your criteria for "massive" are but I can try to 
provide an answer as well as I can.

First, I don't have hard data for the "last years", partly because we 
did not spend time to collect that data and partly because we did not 
look closely enough ourselves. Both changed at the beginning of this year as 
it turned out that relying to a large extent on external contributions 
in this area of our work is not a smart idea for a number of reasons.

Now, while I won't link to any "massive malicious actor networks" I can 
link to all the fingerprints we rejected because we found the related 
relays doing attacks on the network:

https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-fingerprints-found-in-attacks

As I said in another thread on this list[1] those fingerprints are 
collected on a monthly basis. While, in general, there is no guarantee 
that all of those fingerprints are found by Tor Project folks/employees 
(I don't think at this point it is worth spending time trying to 
differentiate between Tor Project-found/external contributors-found 
malicious actors) I took the time to look up the history of all of them 
as far as we have it.

Apart from 1 fingerprint mentioned in that wiki all of them got reported 
by our scanners or as a result of our own investigation. That's 680/681 
and is not including the massive sybil attack in May, nusenu reported as 
well.[2] Maybe that's one of those massive malicious actor networks you 
have in mind? If so, yes, we caught it by ourselves.

I don't know what goal you had in mind with your question, but I hope 
the above helps a bit at least.

Georg

[1] https://lists.torproject.org/pipermail/tor-relays/2021-May/019647.html
[2] https://lists.torproject.org/pipermail/tor-relays/2021-May/019644.html

>> On 1. Dec 2021, at 14:32, Georg Koppen <gk at torproject.org> wrote:
>>
>> We have not finished our analysis for the relay group nusenu is talking about in the blog post, so not sure yet about the findings mentioned there. However, it's nice to see external parties being as vigilant as we in trying to make sure our users have a safe Tor experience. More of that please. :)