[tor-talk] State of bad relays (March 2017)

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Sat Mar 4 10:38:07 UTC 2017

On 3/3/17 7:29 PM, George Kadianakis wrote:
> Hello list,
> in this email we will present you the current state of bad relays on the Tor network.
> It should be no surprise that the Tor network is under constant attack. As part
> of critical Internet infrastructure, people have been attacking our network in
> various ways and for multiple reasons. Some people do it for research purposes,
> others to satisfy their curiosity whereas others have flat out malicious intent.
> Two common Tor network abuses are:
> a) Bad exit nodes sniffing and messing around with client traffic.

Imho those should likely be splitted in other two different categories
of Bad exist nodes:

a-1. passively sniffing
a-2. actively manipulating client traffic

I feel that we would need to implement a bit more detection methods in
trying to identify those who does passive sniffing, but does not
actively manipulate client traffic.

It's more difficult, it could lead to false positive without "evidences"
but with "highly reasonable suspects" and that could be a specific
branch of detection patterns and counter-espionage techniques to be put
in places for that specific purposes.

Then the problem is "what to do when there's suspect that someone is
passively sniffing" but there's no scientifically proven evidences?

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -

More information about the tor-talk mailing list