[metrics-bugs] #30636 [Metrics/Analysis]: Something funky is going in Iran: numbers of relay users flies off to 1M+

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Dec 7 05:59:24 UTC 2019 

#30636: Something funky is going in Iran: numbers of relay users flies off to 1M+
------------------------------+------------------------------
 Reporter:  cypherpunks       |          Owner:  metrics-team
     Type:  task              |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Metrics/Analysis  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:  ir                |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------

Comment (by dcf):

 Replying to [comment:33 dcf]:
 > In the recent past, I've seen two large but brief spikes of users from
 IP addresses located in Iran, on two of my vanilla bridges. (In the second
 case, the bridge is actually supposed to be a meek bridge, but the Iranian
 IP addresses were connecting to one of its exposed ORPorts.)

 Since 2019-11-26, it has been happening again: a sudden large number of
 users from IP addresses in Iran directly accessing the ORPort of what is
 normally a meek bridge. This time it is more sustained, more than a week
 now and counting.

 There are three meek bridges running on the same IP address. They each use
 a different ORPort. Two of the three are affected by the recent Iran-
 related activity; one is not. The non-meek bridge
 (272EB44C8992B8088BD8E8A12DB23B56478EB885) mentioned in comment:33 is not
 affected this time.

 https://metrics.torproject.org/rs.html#details/AA033EEB61601B2B7312D89B62AAA23DC3ED8A34
 This is the same bridge as the second graph in comment:33; notice the
 sudden increase this time is even more marked than it was 3 months ago.
 [[Image(history-starman-20191207.png)]]

 https://metrics.torproject.org/rs.html#details/C20658946DD706A7A2181159A1A04CD838570D04
 [[Image(history-maenad-20191207.png)]]

 https://metrics.torproject.org/rs.html#details/D36B0328969EC57AB3085A4470882D99A09C0492
 [[Image(history-GAEuploader-20191207.png)]]

 You can use the hashed bridge fingerprints to look up the source
 measurements for the above graphs. For example, from
 https://collector.torproject.org/archive/bridge-descriptors/extra-infos
 /bridge-extra-infos-2019-11.tar.xz, here are descriptors from before and
 after the sudden increase.

 bridge-extra-infos-2019-11/2/7/27412c87fc1edd16cc2aa86512d6b1b644245f92
 {{{#!html
 <pre>
 @type bridge-extra-info 1.3
 extra-info maenad C20658946DD706A7A2181159A1A04CD838570D04
 master-key-ed25519 QnVpQ5ji4W6utd8W5keg8GZfKsr5Zn4LjB9iipjzJPg
 published <span style="background-color:gold;">2019-11-27 08:59:09</span>
 transport meek
 write-history 2019-11-26 23:40:17 (86400 s)
 1986285568,1133027328,1322062848,756112384,3282477056
 read-history 2019-11-26 23:40:17 (86400 s)
 2157205504,1290130432,1488071680,867490816,3426599936
 dirreq-write-history 2019-11-26 19:40:17 (86400 s)
 21617664,23964672,27646976,31479808,34509824
 dirreq-read-history 2019-11-26 19:40:17 (86400 s)
 1432576,1847296,2151424,2553856,2288640
 geoip-db-digest A131E1F283F4AD307248B03A70B0413E81ADF2A4
 geoip6-db-digest 0EFF3EE1E22927EC9A77BFFAFD703F3A5B32FA79
 dirreq-stats-end 2019-11-27 04:16:01 (86400 s)
 dirreq-v3-ips <span style="background-
 color:gold;">ir=32</span>,by=8,de=8,mx=8,ru=8,ua=8,us=8
 dirreq-v3-reqs <span style="background-
 color:gold;">ir=56</span>,ru=16,by=8,de=8,mx=8,ua=8,us=8
 dirreq-v3-resp ok=80,not-enough-sigs=0,unavailable=0,not-found=0,not-
 modified=32,busy=0
 dirreq-v3-direct-dl complete=0,timeout=0,running=0
 dirreq-v3-tunneled-dl
 complete=68,timeout=8,running=0,min=14872,d1=31578,d2=69803,q1=86947,d3=104322,d4=121244,md=141232,d6=155268,d7=187619,q3=212539,d8=248890,d9=337787,max=1051412
 hidserv-stats-end 2019-11-27 04:16:01 (86400 s)
 hidserv-rend-relayed-cells 9975 delta_f=2048 epsilon=0.30 bin_size=1024
 hidserv-dir-onions-seen 11 delta_f=8 epsilon=0.30 bin_size=8
 padding-counts 2019-11-27 04:16:27 (86400 s) bin-size=10000 write-drop=0
 write-pad=20000 write-total=1740000 read-drop=0 read-pad=280000 read-
 total=1960000 enabled-read-pad=280000 enabled-read-total=1870000 enabled-
 write-pad=20000 enabled-write-total=1130000 max-chanpad-timers=63
 bridge-stats-end 2019-11-27 04:16:27 (86400 s)
 bridge-ips <span style="background-
 color:gold;">ir=136</span>,ru=16,us=16,??=8,be=8,br=8,by=8,de=8,fi=8,gb=8,mx=8,ua=8
 bridge-ip-versions <span style="background-color:gold;">v4=184</span>,v6=0
 bridge-ip-transports <span style="background-
 color:gold;"><OR>=184</span>
 router-digest-sha256 MnN83BPZD3TxNkGqLsSSTV3yg7X2NqWAFv4a8P2WIfc
 router-digest 27412C87FC1EDD16CC2AA86512D6B1B644245F92
 </pre>
 }}}

 bridge-extra-infos-2019-11/8/c/8c72e0590bb39cf43bb139a75d75cae1210cbc51
 {{{#!html
 <pre>
 @type bridge-extra-info 1.3
 extra-info maenad C20658946DD706A7A2181159A1A04CD838570D04
 master-key-ed25519 QnVpQ5ji4W6utd8W5keg8GZfKsr5Zn4LjB9iipjzJPg
 published <span style="background-color:gold;">2019-11-30 06:42:12</span>
 transport meek
 write-history 2019-11-29 23:40:17 (86400 s)
 756112384,3282477056,55211226112,225877932032,284260692992
 read-history 2019-11-29 23:40:17 (86400 s)
 867490816,3426599936,54093441024,220877935616,279221173248
 dirreq-write-history 2019-11-29 19:40:17 (86400 s)
 31479808,34509824,1802655744,10318318592,11527681024
 dirreq-read-history 2019-11-29 19:40:17 (86400 s)
 2553856,2288640,179941376,936901632,818993152
 geoip-db-digest A131E1F283F4AD307248B03A70B0413E81ADF2A4
 geoip6-db-digest 0EFF3EE1E22927EC9A77BFFAFD703F3A5B32FA79
 dirreq-stats-end 2019-11-30 04:16:01 (86400 s)
 dirreq-v3-ips <span style="background-
 color:gold;">ir=23312</span>,us=56,??=32,de=32,ca=16,es=16,gb=16,nl=16,ae=8,ar=8,au=8,be=8,bg=8,br=8,by=8,dk=8,fi=8,fr=8,hk=8,hu=8,id=8,ie=8,it=8,jp=8,kr=8,lt=8,lu=8,mx=8,pl=8,ro=8,ru=8,sg=8,tr=8,tw=8,ua=8
 dirreq-v3-reqs <span style="background-
 color:gold;">ir=28880</span>,us=64,de=40,??=32,nl=24,ca=16,es=16,gb=16,ae=8,ar=8,au=8,be=8,bg=8,br=8,by=8,dk=8,fi=8,fr=8,hk=8,hu=8,id=8,ie=8,it=8,jp=8,kr=8,lt=8,lu=8,mx=8,pl=8,ro=8,ru=8,sg=8,tr=8,tw=8,ua=8
 dirreq-v3-resp ok=29120,not-enough-sigs=0,unavailable=0,not-found=0,not-
 modified=1528,busy=0
 dirreq-v3-direct-dl complete=0,timeout=0,running=0
 dirreq-v3-tunneled-dl
 complete=27816,timeout=1304,running=4,min=80,d1=48481,d2=92700,q1=106862,d3=118334,d4=143847,md=170826,d6=193543,d7=223037,q3=243784,d8=268376,d9=332638,max=113113000
 hidserv-stats-end 2019-11-30 04:16:01 (86400 s)
 hidserv-rend-relayed-cells 5253 delta_f=2048 epsilon=0.30 bin_size=1024
 hidserv-dir-onions-seen 42 delta_f=8 epsilon=0.30 bin_size=8
 padding-counts 2019-11-30 04:16:27 (86400 s) bin-size=10000 write-drop=0
 write-pad=190000 write-total=562920000 read-drop=0 read-pad=11170000 read-
 total=552420000 enabled-read-pad=9410000 enabled-read-total=478000000
 enabled-write-pad=130000 enabled-write-total=37330000 max-chanpad-
 timers=72
 bridge-stats-end 2019-11-30 04:16:27 (86400 s)
 bridge-ips <span style="background-
 color:gold;">ir=36608</span>,us=184,de=88,??=56,gb=48,ca=32,fr=32,nl=32,es=24,kr=24,jp=16,pl=16,ro=16,ru=16,ae=8,ar=8,au=8,be=8,bg=8,br=8,by=8,ch=8,cz=8,dk=8,fi=8,hk=8,hu=8,id=8,ie=8,in=8,it=8,lt=8,lu=8,md=8,mx=8,se=8,sg=8,th=8,tr=8,tw=8,ua=8,ve=8
 bridge-ip-versions <span style="background-
 color:gold;">v4=37216</span>,v6=0
 bridge-ip-transports <span style="background-
 color:gold;"><OR>=37216</span>
 router-digest-sha256 Nid+NoTgC7PJqulo2WzYH0utNQijVBQA8rW3n/dGjog
 router-digest 8C72E0590BB39CF43BB139A75D75CAE1210CBC51
 </pre>
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30636#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the metrics-bugs mailing list