[tor-relays] The Tor flood
Andy Isaacson
adi at hexapodia.org
Sat Sep 7 00:48:07 UTC 2013
On Fri, Sep 06, 2013 at 12:42:28PM -0700, David Carlson wrote:
> I think that it may be somewhat ego-centric to accept the argument that
> this apparent flood is actually directed at the Tor network. It may be
> that the real goal is to find efficient weapons to attack the Internet as a
> whole, or major segments of it. It may be measuring the response time of
> the Tor network as well as that of various defenders who are trying to
> disarm bot-nets.
That theory seems even more egocentric than the most likely scenario.
The traffic pattern is consistent with a botnet simply using a
<foo>.onion for their regular HTTP C&C channel, without keepalives.
Each GET results in a new hidden service rendezvous circuit. Slow as
heck but the botnet doesn't care, and absurdly inefficient but ibid.
I'm attributing to ignorance that which does not need malice to explain.
:)
-andy
More information about the tor-relays
mailing list