[tor-dev] Is it time to drop support for the v1/v2 protos?

Tom van der Woerdt info at tvdw.eu
Mon Jan 12 19:24:58 UTC 2015


Philipp Winter wrote on 12/01/15 at 20:14:
> On Mon, Jan 12, 2015 at 06:57:01PM +0100, Tom van der Woerdt wrote:
>> 23% is a lot though - so high that I really doubt it's true. The
>> ratios between handshakes and deduplicated handshakes are also rather
>> strange. Is there anything we can do to the dataset to find out why
>> the amount is so high?
>
> When looking at the ratio, consider that the majority of relays runs
> newer versions of Tor [0].  Over these three days, my relay has
> established hundreds of connections to other relays over and over again.
> When deduplicating relays' addresses, all these connections get reduced
> to one which explains why the per-host fraction of version 3 and 4 is
> much smaller than the per-connection fraction.
>
> Apart from that, I agree that the number of old clients is unexpected.
> First, I suspected the Sefnit botnet (which might still account for ~50%
> of Tor "users") but apparently the malware uses Tor v0.2.3.25.
>
> I think the same experiment could be repeated by adding the following to
> your tor config:
>
>    Log [or]info file /path/to/logfile
>
> And then, the negotiated protocol versions can be counted by running,
> for example:
>
>    grep -c 'Negotiated version 2' /path/to/logfile
>
> [0] <https://metrics.torproject.org/versions.html>
>


Interestingly, that paints a completely different picture. I added that
line to two machines (guard+exit) and after a few minutes:

# cat /var/lib/tor/node*/infolog | grep Negotiated | awk '{ print $8 }' | sort | uniq -dc
      40 2
      76 3
    3811 4

# cat /var/lib/tor/node*/infolog | grep Negotiated | awk '{ print $8 }' | sort | uniq -dc
      50 2
     122 3
    6269 4

I'll let it run a bit longer but these two machines (which are both 
exits as well - probably relevant) get almost solely v4 handshakes.

Tom
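
Added example, not part of the original thread: a tally that reports, for each negotiated link protocol version, both the per-connection count and the count after deduplicating peer addresses, which is the distinction discussed in the quoted reply. The function names `sample_log` and `version_tally`, the sample log lines, and the "with ADDR:PORT;" layout after the version number are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample of info-level log lines. The "with ADDR:PORT;" layout after
# "Negotiated version N" is an assumption; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Jan 12 19:20:01.000 [info] channel_tls_process_versions_cell(): Negotiated version 4 with 192.0.2.10:9001; sending NETINFO.
Jan 12 19:20:05.000 [info] channel_tls_process_versions_cell(): Negotiated version 4 with 192.0.2.10:9001; sending NETINFO.
Jan 12 19:20:09.000 [info] channel_tls_process_versions_cell(): Negotiated version 4 with 192.0.2.10:9001; sending NETINFO.
Jan 12 19:20:11.000 [info] channel_tls_process_versions_cell(): Negotiated version 4 with 192.0.2.11:443; sending NETINFO.
Jan 12 19:20:12.000 [info] channel_tls_process_versions_cell(): Negotiated version 3 with 198.51.100.7:51234; sending NETINFO.
Jan 12 19:20:13.000 [info] channel_tls_process_versions_cell(): Negotiated version 2 with 203.0.113.5:40001; sending NETINFO.
Jan 12 19:20:14.000 [info] channel_tls_process_versions_cell(): Negotiated version 2 with 203.0.113.5:40002; sending NETINFO.
Jan 12 19:20:15.000 [info] channel_tls_process_versions_cell(): Negotiated version 2 with 203.0.113.9:40100; sending NETINFO.
Jan 12 19:20:16.000 [notice] unrelated constructed line without a handshake
EOF
}

# Reads log lines on stdin and prints "VERSION CONNECTIONS UNIQUE_HOSTS",
# one row per version, sorted by version number.
version_tally() {
  awk '
    {
      # Locate the phrase by keyword instead of a fixed column, so a
      # different timestamp or prefix layout does not shift the fields.
      for (i = 1; i + 4 <= NF; i++) {
        if ($i == "Negotiated" && $(i + 1) == "version") {
          v = $(i + 2)
          peer = $(i + 4)               # ADDR:PORT; (assumed layout)
          sub(/;$/, "", peer)
          sub(/:[0-9]+$/, "", peer)     # drop the port: reconnects collapse to one host
          conns[v]++
          if (!((v, peer) in seen)) { seen[v, peer] = 1; hosts[v]++ }
          break
        }
      }
    }
    END { for (v in conns) printf "%s %d %d\n", v, conns[v], hosts[v] }
  ' | sort -n
}

# Stand-alone run on the constructed sample.
sample_log | version_tally
```

On a relay the input would be the info log itself, for example `version_tally < /path/to/logfile`.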
