[tor-talk] A month with BADONIONS

nusenu nusenu at openmailbox.org
Fri Jun 26 11:45:13 UTC 2015


thanks for the pointer.

> This was interesting - not sure if I've missed discussion of it
> here, but I didn't find anything with a quick search.
> https://chloe.re/2015/06/20/a-month-with-badonions/
> Tl:dr; the author set up a very basic honeypot to detect
> potentially abusive guard and exit nodes, and found some. (Quelle
> surprise!)
> The claim that they reported the naughty guard nodes to Tor but
> have not seen any remediation is something which might merit a
> response, if nothing else.

The set of "15 fingerprints" contains only 7 unique fingerprints.

4 are currently (2015-06-26 08:00:00 UTC) running and don't have the
badexit flag.
3 of them signed up on 2014-04-09 but have a consensus weight < 5.

Fastest relay is 'AviatoChortler':

which signed up 2015-05-21 and has an advertised bw of 31MB/s.

Relay nicknamed 'Hackosaurusrex' appeared already previously (although
with different fingerprint):

overview table (includes reported relays that were running in the last
7 days only):

Generally speaking I don't worry to much about sniffing relays (or
upstreams), that problem is not specific to tor but I agree that it is
probably easier to sniff tor traffic than non-tor traffic for a
low-budged attacker. (I worry more about big groups of hidden families.)

@chloe: thanks for reporting them, a timeline would be appreciated and
an info to tor-talk (after you reported them to bad-relays)

@phw: did the dir authorities blacklist
09A880567B0839B4085C2EC14002DE34AAFE8548 or did it disappear on its
own? (downtime 4 days)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150626/12d5f6d3/attachment-0001.sig>

More information about the tor-talk mailing list