[tor-relays] Bots, love 'em or hate 'em?
Yawning Angel
yawning at schwanenlied.me
Tue Sep 8 08:38:14 UTC 2015
On Tue, 8 Sep 2015 02:03:07 -0400
Roger Dingledine <arma at mit.edu> wrote:
> On Mon, Sep 07, 2015 at 10:30:38AM -0400,
> starlight.2015q3 at binnacle.cx wrote:
> > This is curious: Appears a large number of Tor
> > client-bots have set
> >
> > UseEntryGuards 0
> >
> > From current relays that have never had the guard flag:
> >
> > extra-info moep DA8C1123CDB3ACD3B36CD7E7CEFBEA685DED2276
> > entry-ips
> > us=360,de=296,fr=232,it=192,es=160,jp=104,ru=104,br=96,ir=96. . .
>
> These are likely clients using a version from before we introduced
> directory guards. So they probably use entry guards like normal, and
> they just choose relays at random to fetch their directory info.
>
> This is why relays report dirreq-v3-reqs lines (number of v3 consensus
> requests) in their extra-info descriptors too, and not just total
> connection counts.
This does present us with an opportunity to gain an actual estimate for
the number of botnet clients since there's a way to distinguish them
from normal users.
Not sure if we'd require actual metrics or if this is just a matter of
analysis.
Regards,
--
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150908/83ac0b8b/attachment.sig>
More information about the tor-relays
mailing list