On 11/12/2015 03:12 AM, coderman wrote:
> On 11/12/15, Mirimir <[email protected]> wrote:
>> ...
>> Yes, it was subtle. But it was also, as I understand it, pointless
>> except as an attack. And it was new behavior, right?
>
> you would not believe the kinds of fucked up clients and relays that
> participate in the Tor network! even the friendly implementations in
> Java or Rust have at times failed in ways that look like an attack.
>
> i don't think people appreciate the scale, complexity, and novelty of
> activity in the Tor ecosystem.

I'm sure that I don't. But maybe it would be better to consider odd
behavior as attacks until confirmed as friendly bugs.

<SNIP>

>>> how would you have spotted it?
>>
>> I'm not technical enough to answer that. But generally, I think that
>> they ought to put more effort into monitoring. Especially for new
>> relays. Look for anything unusual.
>
> this is indeed a challenge!
>
> not just for circuit behavior in general,
> but also bad exit checking (which is usually bad upstream)
> and suspicious cliques of relays.
>
> proposals and patches welcome :)

Maybe the Tor network needs an IDS ;)

> best regards,
>
