[tor-talk] A month with BADONIONS
nusenu
nusenu at openmailbox.org
Fri Jun 26 11:45:13 UTC 2015
Hi,
thanks for the pointer.
> This was interesting - not sure if I've missed discussion of it
> here, but I didn't find anything with a quick search.
>
> https://chloe.re/2015/06/20/a-month-with-badonions/
>
> Tl:dr; the author set up a very basic honeypot to detect
> potentially abusive guard and exit nodes, and found some. (Quelle
> surprise!)
>
> The claim that they reported the naughty guard nodes to Tor but
> have not seen any remediation is something which might merit a
> response, if nothing else.
The set of "15 fingerprints" contains only 7 unique fingerprints.
4 are currently (2015-06-26 08:00:00 UTC) running and don't have the
badexit flag.
3 of them signed up on 2014-04-09 but have a consensus weight < 5.
Fastest relay is 'AviatoChortler':
https://atlas.torproject.org/#details/5C83EF015106B21132BC602639FAF8D693330A7C
which signed up 2015-05-21 and has an advertised bw of 31MB/s.
Relay nicknamed 'Hackosaurusrex' appeared already previously (although
with different fingerprint):
https://lists.torproject.org/pipermail/tor-talk/2015-June/038061.html
overview table (includes reported relays that were running in the last
7 days only):
https://raw.githubusercontent.com/nusenu/tor-network-observations/master/2015-06-20_badexits_reported_by_chloe.txt
Generally speaking I don't worry to much about sniffing relays (or
upstreams), that problem is not specific to tor but I agree that it is
probably easier to sniff tor traffic than non-tor traffic for a
low-budged attacker. (I worry more about big groups of hidden families.)
@chloe: thanks for reporting them, a timeline would be appreciated and
an info to tor-talk (after you reported them to bad-relays)
@phw: did the dir authorities blacklist
09A880567B0839B4085C2EC14002DE34AAFE8548 or did it disappear on its
own? (downtime 4 days)
thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150626/12d5f6d3/attachment-0001.sig>
More information about the tor-talk
mailing list