[tor-talk] SIGAINT email service targeted by 70 bad exit nodes
nusenu
nusenu at openmailbox.org
Sun Apr 26 11:19:08 UTC 2015
> On Thu, Apr 23, 2015 at 07:30:57PM +0000, nusenu wrote:
>>> Almost all of them were younger than one month and they seem
>>> to have joined the network in small batches. I uploaded
>>> Onionoo's JSON-formatted relay descriptors, so everybody can
>>> have a look:
>>> <http://www.nymity.ch/badexit/bad_descriptors_2015-04-23.zip>
>>
>> I compared your list (71 FPs) with my list (55 FPs) from
>> 2015-04-05 [1], we have an overlap of (only) 30 relays. An
>> overlap of around ~50 would be better.
>
> Yes, I remember your list. Thanks a lot for sharing it, it's
> really helpful!
>
> The relays that are in your, but not in my list indeed look quite
> similar to the rest. They don't have a BadExit flag because nobody
> has caught them doing something nasty yet.

So you do not think that they are controlled by the same (malicious)
entity? (even though some declare their MyFamily accordingly*)

Or is the requirement to flag them as badexit to catch them red-handed?
The case that one took over legit relays is unlikely since many are
rather 'fresh' ones.

Or: Are they still on the network so we can see what they are after? ;)
(rather hard given the amount of potential targets)

Did you (or anyone else?) try to reach out to them via their ISP(s)?

*) Why would a malicious entity start to declare a MyFamily at all?
I guess due to my email from
https://lists.torproject.org/pipermail/tor-talk/2015-April/037384.html
and it does not actually hurt their malicious activities because
the little groups are in the same /16 anyway. (They do not put all
their relays in a family)