[tor-project] Many bridges (22%) have nickname "ki"

David Goulet dgoulet at ev0ke.net
Tue Dec 20 16:39:36 UTC 2016 

On 13 Dec (16:26:02), David Goulet wrote:
> On 13 Dec (21:11:17), Yawning Angel wrote:
> > On Tue, 13 Dec 2016 10:37:31 -0800
> > David Fifield <david at bamsoftware.com> wrote:
> > 
> > > This is a bit of a followup to my earlier post on obfs4 bridges with
> > > formulaic nicknames:
> > > https://lists.torproject.org/pipermail/tor-project/2016-November/000809.html
> > > 
> > > 
> > > Those bridges are still there, but today I noticed a new weirdness:
> > > 756 bridges all having the nickname "ki". 756 is 21.8% of the total
> > > number, 3464. At the moment, "ki" far outnumbers every other
> > > nickname, apart from "Unnamed":
> > [snip]
> > 
> > Should both groups be dropped at the BridgeAuth or what?  As far as I
> > am aware, there is nothing that is doing Sybil detection at the Bridge
> > level, and I don't really think that's an arms race that's winnable
> > (even at the standard relay level, it feels like an uphill battle).
> > 
> > If I were to hypothesize, it's probably someone's botnet/malware or
> > something (in both cases), but that's just a guess and it could be
> > something either more nefarious, or more benign.
> 
> Yes, we should be safe here and reject those.
> 
> What's the procedure with the BridgeAuth? The dirauth-conf git repository
> isn't made for the bridge authority.

I want to bump this here btw.... I don't feel very comfortable with those
bridge still around so we should REALLY block them soon.

If I remember correctly, Roger told me on IRC that we either have to go
through the BridgeAuth directly with reject rules (unconfirmed) or we block
them on BridgeDB.

I need someone with knowledge here and Isis needs to be in the loop as she
basically run both service :).

Thanks!
David

> 
> Cheers!
> David
> 
> > 
> > Regards,
> > 
> > -- 
> > Yawning Angel
> > _______________________________________________
> > tor-project mailing list
> > tor-project at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
> 



> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 585 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20161220/b0558365/attachment.sig>

More information about the tor-project mailing list