On 7/21/17 12:12, [email protected] wrote:
> Hello
>
> A few users have detected suspicious activity around certain Relays in
> the network. There could be Time Confirmation Attacks happening
> currently on the Live Tor Network.
>
> If any Tor dev see this, Please Start Checking The US Relays in the
> network.
> --
> Securely sent with Tutanota. Claim your encrypted mailbox today!
> https://tutanota.com
>

Since this person has yet again left out all the important information,
here's what this person has to say. I'm quoting this Reddit comment:
https://www.reddit.com/r/TOR/comments/6oor5n/confirmation_attacks_and_bad_relays/dkizo2o/

"""
I've noticed every single node in the circuits I start building all
connect to 3 Relays in the US. Then today a relay operator notices this:

I operate the apx family of exit nodes. [1]

It may be valuable to know that traffic confirmation attacks [2] are
seemingly taking place. [3]

[1] apx1 apx2 apx3

[2] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
EDIT> See https://www.reddit.com/r/DarkNetMarkets/comments/6oocii/tor_traffic_confirmation_attacks/

[3] Regular 30 second windows with around 1.8 Gbit/s - 2.1 Gbit/s of
traffic on each of the exits which are also guards (apx1, apx2) while
the exit which isn't a guard sees stable traffic of only ~ 1 Gbit/s
(apx3).

Circuits to hidden services include guards and middle nodes (rendezvous
point). DDoS attacks against hidden services do not affect exit nodes
unless they are also guard nodes.
"""

I now ask:

1. Please provide proof that all your circuits always contain 3 relays
in the US. If you didn't actually mean that all circuits always have all
3 relays in the US, then please explain why you think sometimes having
all 3 in the same country is bad. Keep in mind that guard nodes are a
thing and it isn't weird to have the same 1st hop in every circuit. Also
keep in mind that (i) there are a large number of relays in a small
number of countries, (ii) a relay existing in country X does not
necessarily mean they are dangerous relays, (iii) you should assume
large adversaries would geo-diversify.

2. What is the point of bringing up the traffic you see on your relays?
It isn't obvious to me. Keep in mind that relays aren't always assigned
weights in a predictable or perfectly fair manner. I run multiple relays
on a single machine and they get weighted very differently.

Matt
