[tor-talk] DocTor's 'Possible Sybil Attack' (2015-06-03) report
Donncha O'Cearbhaill
donncha at donncha.is
Thu Jun 4 10:21:16 UTC 2015
On 03/06/15 22:24, nusenu wrote:
>
> DocTor reported a possible sybil attack:
> https://lists.torproject.org/pipermail/tor-consensus-health/2015-June/005842.html
>
> based on their signup and AS patterns this looks reasonable
>
> lookup based on *nicknames* (onionoo data from 2015-06-03 18:00:00):
> [1]
> https://raw.githubusercontent.com/nusenu/tor-network-observations/master/doctors_sybil_attack_report_2015-06-03.txt
>
> Relays of that group started to sign up on 2014-11-17
>
>
> lookup based on fingerprints (onionoo data from 2015-06-03 20:00:00)
>
> https://github.com/nusenu/tor-network-observations/blob/master/doctors_sybil_attack_report_2015-06-03_by_fingerprint.txt
>

Well spotted nusenu!

These relays have previously been excluded from the Tor network. They
have now tried rejoining with new fingerprints. All of the following
relays are confirmed as being managed by the same operator.

Could these be excluded from the network again?

✗ python corrolate.py -p 9251 --fields 'address,or_port,dir_port,as,tor_version,uptime,bandwidth,nickname' --counter='as,tor_version,bandwidth' --ip-file ../bigsybil/ips3.txt
2015-06-04 11:12:04,501 [DEBUG]: Loaded MaxMind AS database
2015-06-04 11:12:04,504 [DEBUG]: Successfully connected to the Tor control port
2015-06-04 11:12:06,815 [DEBUG]: Finished loading Tor relay descriptors
2015-06-04 11:12:06,995 [DEBUG]: Filters matched 97 relays
2015-06-04 11:12:07,010 [DEBUG]: Prepared final relay info, outputting now!
address          or_port  dir_port  as       tor_version  uptime           average_bandwidth  nickname
---------------  -------  --------  -------  -----------  ---------------  -----------------  -------------------
23.239.19.120    9007     9036      AS3595   0.2.4.27     8:16:08          524288             LimpyPurse
23.239.19.120    9008     9037      AS3595   0.2.4.27     12:45:36         524288             AlongProxy
23.239.19.153    9009     9038      AS3595   0.2.4.27     13:00:48         524288             IrateConcept
23.239.19.153    9010     9039      AS3595   0.2.4.27     12:16:04         524288             ObnoxiousLiar
23.239.29.65     9001     9030      AS36351  0.2.4.27     1 day, 6:46:16   524288             blahrelayblah
23.239.29.65     9002     9031      AS36351  0.2.4.27     1 day, 2:46:20   524288             blahrelayblah2
50.116.29.54     9001     9030      AS36351  0.2.4.27     0:18:18          524288             ChromeAutopsy
50.116.29.54     9002     9031      AS36351  0.2.4.27     7:16:09          524288             UncommonAngel
50.116.32.217    9007     9036      AS3595   0.2.4.27     4:45:41          1048576            RelayOfTheMagic
50.116.32.217    9008     9037      AS3595   0.2.4.27     10:30:20         1048576            UndercoverRelay
50.116.47.171    9009     9038      AS3595   0.2.4.27     13:45:32         1048576            RelayUprising
50.116.47.171    9010     9039      AS3595   0.2.4.27     14:00:47         1048576            PrimoRelay
66.175.214.149   9003     9032      AS8001   0.2.4.27     7:30:23          1048576            Barnaby
66.175.214.149   9004     9033      AS8001   0.2.4.27     4:00:57          1048576            Loki
66.228.62.91     9005     9034      AS3595   0.2.4.27     0:18:18          1048576            PlethoraTor
66.228.62.91     9006     9035      AS3595   0.2.4.27     14:16:02         1048576            LoadedDetermined
74.207.224.63    9001     9030      AS3595   0.2.4.27     5:46:41          524288             LocustModest
74.207.224.63    9002     9031      AS3595   0.2.4.27     7:30:23          524288             AllergyOfUniverse
74.207.237.167   9001     9030      AS3595   0.2.4.27     0:16:16          1048576            TORtastic
74.207.237.167   9002     9031      AS3595   0.2.4.27     14:45:31         1048576            AtlantaTORJunction
80.85.84.240     9009     9038      AS15830  0.2.4.27     0:16:16          524288             BionicNavel
80.85.84.240     9010     9039      AS15830  0.2.4.27     5:00:56          524288             HealthyNevada
97.107.142.218   9001     9030      AS8001   0.2.4.27     10:31:21         1048576            FreeAndRiseUp
97.107.142.218   9002     9031      AS8001   0.2.4.27     12:46:34         1048576            FreeAndRiseUpAgain
104.200.16.86    9007     9036      AS36351  0.2.4.27     7:45:38          524288             LavenderSouth
104.200.16.86    9008     9037      AS36351  0.2.4.27     8:00:53          524288             FuzzyPharoah
104.200.18.182   9005     9034      AS36351  0.2.4.27     12:15:03         524288             CinematicPlunger
104.200.18.182   9006     9035      AS36351  0.2.4.27     2:30:28          524288             UndefeatedAlloy
104.237.128.84   9003     9032      AS36351  0.2.4.27     1 day, 2:15:50   524288             RelayMonastery
104.237.128.84   9004     9033      AS36351  0.2.4.27     1 day, 10:15:42  524288             SecureExorcism
104.237.129.52   9007     9036      AS36351  0.2.4.27     12:00:49         524288             DidacticTerrorism
104.237.129.52   9008     9037      AS36351  0.2.4.27     15:01:47         524288             CrapMage
104.237.129.78   9005     9034      AS36351  0.2.4.27     21:00:40         524288             BleachSoul
104.237.129.78   9006     9035      AS36351  0.2.4.27     23:01:39         524288             ClassroomRealm
104.237.129.142  9009     9038      AS36351  0.2.4.27     0:16:16          524288             HerdOfOffense
104.237.129.142  9010     9039      AS36351  0.2.4.27     9:46:37          524288             SexualBinge
104.237.131.75   9009     9038      AS36351  0.2.4.27     12:00:49         524288             NebulaScript
104.237.131.75   9010     9039      AS36351  0.2.4.27     11:31:20         524288             DerelictWhale
104.237.131.107  9007     9036      AS36351  0.2.4.27     20:45:25         524288             LiberalWhisper
104.237.131.107  9008     9037      AS36351  0.2.4.27     1 day, 0:15:52   524288             PhotoFearTheOutlaw
104.237.134.102  9009     9038      AS36351  0.2.4.27     1 day, 7:15:45   524288             RepublicanCrib
104.237.134.102  9010     9039      AS36351  0.2.4.27     21:01:41         524288             ReverentVan
106.185.28.113   9009     9038      AS2516   0.2.4.27     0:16:16          1048576            RiotSpiral
106.185.28.113   9010     9039      AS2516   0.2.4.27     12:30:18         1048576            OpticalRelay
106.185.31.129   9003     9032      AS2516   0.2.4.27     7:46:39          524288             VegetableJockey
106.185.31.129   9004     9033      AS2516   0.2.4.27     5:30:25          524288             RumpFrolic
106.185.36.183   9005     9034      AS2516   0.2.4.27     15:00:46         524288             RiskSlide
106.185.36.183   9006     9035      AS2516   0.2.4.27     10:00:51         524288             LanceHumor
106.185.39.58    9007     9036      AS2516   0.2.4.27     14:15:01         524288             PeanutEternity
106.185.39.58    9008     9037      AS2516   0.2.4.27     3:46:43          524288             EstrangedAir
106.185.48.214   9009     9038      AS2516   0.2.4.27     0:15:15          524288             UntilLight
106.185.48.214   9010     9039      AS2516   0.2.4.27     12:01:50         524288             PatheticOcean
106.186.117.65   9007     9036      AS2516   0.2.4.27     0:16:16          1048576            RelayOfTheMiracle
106.186.117.65   9008     9037      AS2516   0.2.4.27     8:45:37          1048576            PornoLiberation
106.187.38.198   9001     9030      AS2516   0.2.4.27     5:16:11          1048576            kanpai
106.187.38.198   9002     9031      AS2516   0.2.4.27     3:00:58          1048576            Maru
106.187.92.163   9003     9032      AS2516   0.2.4.27     12:16:04         1048576            Scorpio
106.187.92.163   9004     9033      AS2516   0.2.4.27     9:00:52          1048576            JungleOfTheUnhappy
106.187.94.69    9001     9030      AS2516   0.2.4.27     5:15:10          524288             KillerHumanity
106.187.94.69    9002     9031      AS2516   0.2.4.27     15:00:46         524288             ThrashingCobra
106.187.94.254   9005     9034      AS2516   0.2.4.27     5:45:40          1048576            EliteRelay
106.187.94.254   9006     9035      AS2516   0.2.4.27     12:45:33         1048576            SumoConfidence
151.236.222.27   9007     9036      AS15830  0.2.4.27     4:45:41          524288             GroupIsland
151.236.222.27   9008     9037      AS15830  0.2.4.27     9:45:36          524288             WantedLube
162.216.19.237   9009     9038      AS8001   0.2.4.27     11:31:20         1048576            Chronos
162.216.19.237   9010     9039      AS8001   0.2.4.27     15:01:47         1048576            Ananke
173.230.131.207  9003     9032      AS3595   0.2.4.27     2:00:59          524288             CapitalDensity
173.230.131.207  9004     9033      AS3595   0.2.4.27     15:16:01         524288             DanalFrequent
173.230.134.56   9003     9032      AS3595   0.2.4.27     0:15:15          1048576            TorScorpion
173.230.134.56   9004     9033      AS3595   0.2.4.27     15:00:46         1048576            TorOfTheFreedom
178.79.133.64    9001     9030      AS15830  0.2.4.27     3:30:27          524288             FlyTheFlag
178.79.133.64    9002     9031      AS15830  0.2.4.27     0:17:17          524288             Tortuga
178.79.134.183   9003     9032      AS15830  0.2.4.27     0:16:16          524288             FrictionVerbose
178.79.134.183   9004     9033      AS15830  0.2.4.27     0:16:16          524288             SearingFreeway
178.79.142.224   9001     9030      AS15830  0.2.4.27     5:30:25          524288             AnarchyFlashing
178.79.142.224   9002     9031      AS15830  0.2.4.27     0:15:15          524288             SalineGodfather
178.79.144.28    9005     9034      AS15830  0.2.4.27     11:16:05         524288             DazzleIntrospection
178.79.144.28    9006     9035      AS15830  0.2.4.27     12:45:33         524288             RelayOpus
178.79.157.36    9003     9032      AS15830  0.2.4.27     4:45:41          524288             ForumAnimator
178.79.157.36    9004     9033      AS15830  0.2.4.27     9:45:36          524288             RoundAlgae
178.79.161.237   9007     9036      AS15830  0.2.4.27     4:45:41          524288             TORExtravaganza
178.79.161.237   9008     9037      AS15830  0.2.4.27     14:15:01         524288             OutlawRelay
178.79.170.181   9005     9034      AS15830  0.2.4.27     2:15:13          524288             GogglesSausage
178.79.170.181   9006     9035      AS15830  0.2.4.27     2:15:13          524288             DelicateJacket
192.155.95.122   9005     9034      AS3595   0.2.4.27     9:45:36          524288             MightyMercury
192.155.95.122   9006     9035      AS3595   0.2.4.27     9:00:52          524288             ProactiveBox
198.58.103.147   9001     9030      AS36351  0.2.4.27     15:00:46         524288             GarlicPriest
198.58.103.147   9002     9031      AS36351  0.2.4.27     12:45:33         524288             LoopyAfternoon
198.58.106.245   9003     9032      AS36351  0.2.4.27     13:45:32         524288             OnionOfIncision
198.58.106.245   9004     9033      AS36351  0.2.4.27     9:30:21          524288             HackerOfPhysics
198.58.109.82    9003     9032      AS36351  0.2.4.27     3:45:42          524288             FairSharp
198.74.58.206    9005     9034      AS8001   0.2.4.27     9:15:06          1048576            Batman
198.74.58.206    9006     9035      AS8001   0.2.4.27     0:16:16          524288             Joker
198.74.62.107    9007     9036      AS8001   0.2.4.27     0:17:17          1048576            Scotch
198.74.62.107    9008     9037      AS8001   0.2.4.27     7:45:38          1048576            Soda
212.71.249.69    9009     9038      AS15830  0.2.4.27     7:16:09          524288             GaussianVisual
212.71.249.69    9010     9039      AS15830  0.2.4.27     12:31:19         524288             AuralSecurity

as           tor_version        average_bandwidth
-------  --  -------------  --  -------------------  --
AS36351  27  0.2.4.27       97  524288               68
AS15830  20                     1048576              29
AS2516   20
AS3595   20
AS8001   10
2015-06-04 11:12:07,018 [DEBUG]: Output complete. Finished
Regards,
Donncha
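
The --counter summary in the message above shows the listed relays sharing one Tor version and two advertised bandwidth values across five ASes. As an added example (not part of the original post and not the corrolate.py script), the Python below computes the same kind of per-field counts and groups relays whose (tor_version, bandwidth) pair repeats across several addresses. The first five rows are copied from the table in the post; the last two relays and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

FIELDS = ("address", "or_port", "dir_port", "as", "tor_version", "bandwidth", "nickname")

# First five rows are copied from the table in the post; the last two are
# constructed, unrelated relays on documentation addresses.
ROWS = [
    ("23.239.19.120", 9007, 9036, "AS3595", "0.2.4.27", 524288, "LimpyPurse"),
    ("23.239.19.120", 9008, 9037, "AS3595", "0.2.4.27", 524288, "AlongProxy"),
    ("23.239.29.65", 9001, 9030, "AS36351", "0.2.4.27", 524288, "blahrelayblah"),
    ("66.175.214.149", 9003, 9032, "AS8001", "0.2.4.27", 1048576, "Barnaby"),
    ("106.187.38.198", 9001, 9030, "AS2516", "0.2.4.27", 1048576, "kanpai"),
    ("192.0.2.10", 443, 80, "AS64500", "0.2.6.8", 20971520, "constructedA"),
    ("198.51.100.7", 9001, 9030, "AS64501", "0.2.5.12", 5242880, "constructedB"),
]
RELAYS = [dict(zip(FIELDS, row)) for row in ROWS]


def count_fields(relays, names):
    """Value counts per field: the kind of summary --counter prints in the post."""
    return {name: Counter(r[name] for r in relays) for name in names}


def shared_config_clusters(relays, key=("tor_version", "bandwidth"), min_hosts=2):
    """Group relays with identical values for `key`; keep groups that span at
    least `min_hosts` addresses. A match is a lead for review, not proof."""
    groups = defaultdict(list)
    for relay in relays:
        groups[tuple(relay[k] for k in key)].append(relay)
    clusters = {}
    for value, members in groups.items():
        hosts = {m["address"] for m in members}
        if len(hosts) >= min_hosts:
            clusters[value] = {
                "relays": sorted(m["nickname"] for m in members),
                "hosts": len(hosts),
                "ases": sorted({m["as"] for m in members}),
            }
    return clusters


if __name__ == "__main__":
    for name, counts in count_fields(RELAYS, ("as", "tor_version", "bandwidth")).items():
        print(name, counts.most_common())
    for value, info in shared_config_clusters(RELAYS).items():
        print(value, info)
```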