[tor-talk] Someone is crawling TorHS Directories: Honeypot

coderman coderman at gmail.com
Sat Sep 13 02:10:12 UTC 2014


On 9/12/14, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> ...
> about a month ago i wanted to verify if someone is actively crawling
> TorHS that are inside the memory of Tor HS directories.
>
> So, i've setup a small Tor Hidden Service Honeypot at home with unknown,
> unpublished, non-publicly-linked TorHS,

fun; this appears to be an intermittent pastime of some for near a decade now...

i would call these honeytokens, however, as it is the name you are
concerned about, not the services running at that onion. e.g. "...
configured honeytoken hidden service addresses known only to myself
and the chosen HSDir for that address." </pedant>


> ...
> It would be nice to extend this concept to proactively detect and
> identify who's running such malicious Tor Relays by logging/mapping
> every HSDir that is selected/rotated for such Tor Hidden Services.

you shouldn't assume HSDir is private in any case; and if enumeration
is truly a concern, fast flux onions is a thing.  these are location
hidden, not existence hidden :)

best regards,
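
An added example, not part of either poster's message: the logging/mapping of selected HSDirs proposed in the quoted text can be computed offline with the v2 rendezvous descriptor-ID scheme that was current when this thread was written. The onion label, timestamp and relay fingerprints below are constructed sample values; in practice the ring would be the fingerprints of relays carrying the HSDir flag in the consensus.

```python
import base64
import hashlib
import struct
from bisect import bisect_right

PERIOD = 86400  # v2 descriptor validity in seconds
REPLICAS = 2    # descriptor replicas published per service
SPREAD = 3      # consecutive HSDirs that store each replica

# Constructed sample ring: 15 fake 20-byte relay fingerprints (0x10.., 0x20.., ...).
RING = [bytes([b]) * 20 for b in range(0x10, 0x100, 0x10)]

def permanent_id(onion):
    """Decode a 16-character v2 onion label into its 10-byte permanent id."""
    label = onion.lower()
    if label.endswith(".onion"):
        label = label[:-len(".onion")]
    if len(label) != 16:
        raise ValueError("expected a 16-character v2 onion label")
    return base64.b32decode(label.upper())

def time_period(perm_id, now):
    """Period counter; the first id byte staggers each service's rollover."""
    return (now + perm_id[0] * PERIOD // 256) // PERIOD

def descriptor_id(perm_id, now, replica, cookie=b""):
    """descriptor-id = H(permanent-id | H(time-period | cookie | replica))."""
    secret = hashlib.sha1(
        struct.pack(">I", time_period(perm_id, now)) + cookie + bytes([replica])
    ).digest()
    return hashlib.sha1(perm_id + secret).digest()

def responsible_hsdirs(desc_id, ring):
    """The SPREAD fingerprints that follow desc_id on the circular ring."""
    ring = sorted(ring)
    start = bisect_right(ring, desc_id)
    return [ring[(start + i) % len(ring)] for i in range(min(SPREAD, len(ring)))]

def hsdir_map(onion, now, ring):
    """Replica number -> HSDir fingerprints holding that replica at `now`."""
    pid = permanent_id(onion)
    return {r: responsible_hsdirs(descriptor_id(pid, now, r), ring)
            for r in range(REPLICAS)}

if __name__ == "__main__":
    # Constructed honeytoken label and sample time; log one line per replica.
    for replica, dirs in hsdir_map("honeytokenabcdef.onion", 1410574212, RING).items():
        print(replica, [d.hex() for d in dirs])
```

Running it once per time period and diffing the output gives the rotation log; a lookup for the honeytoken can then be attributed to the six relays listed for that period.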

