On Wed, 10 Sep 2008 07:46:51 -0600 "Kasimir Gabert" <[EMAIL PROTECTED]> wrote: >On Wed, Sep 10, 2008 at 7:28 AM, Scott Bennett <[EMAIL PROTECTED]> wrote: >>> >>>The fact of not being an exit node would make it a better corruped >>>relay? I mean, if I would like to DOS the Tor network I would be better >> >> No, or at least I don't think so. What I was referring to is that most >> of the trouble we've had from bad operators has taken the form of corrupted >> exit servers, where what goes into or comes out of the exit is in the clear >> and can be altered before it is sent where it is going. >> >>>to set the trojan node as internal? >>> >> For this kind of attack, I suppose there might be some sort of advantage >> to being only a relay and not an exit because route selection often prefers >> non-exit relays for non-exit positions in a route, and a typical route has >> two non-exit positions but only one exit position. So the chances to bog >> down performance might be a bit higher if the attacker focused on non-exit >> usage. >> But Roger has already said that clients believe that no server really >> handles more than 5 MB/s, so they trim any figures greater than that back to >> 5 MB/s. If you had a dozen or two tor servers falsely reporting high usages, >> each at 5 MB/s or more, it might make a mess of things because they would >> distort the networkwide statistics, especially if those servers did not >> identify themselves as all being members of the same Family.
A footnote to the above is that a real attacker of this sort could perhaps avoid notice quite a while longer by running a somewhat larger number of slow servers that published bogus rates in the 1 MB/s to 4 MB/s range. The rates would thus appear to be valid to tor and on the torstatus page would scatter attacker servers in with a substantially larger group of high-bandwidth, good servers. > >For reference, the reported bandwidth values from mnl hover around >2000 KB/s, but are very flaky (I'll assume this is caused by the >connection issues Domenico was talking about). Thanks. I knew I had seen it frequently somewhere in the upper reaches of the distribution. > >http://trunk.torstatus.kgprog.com/router_detail.php?FP=abd38668d3f476f50232fec0b6db6550ea43edd0 > Oh, wonderful! The graphs spanning different time scales look great, but naturally make me wish for more. :-) Would it be feasible to be able to request graphs covering specific (i.e., starting date to ending date) time periods? Thanks for the good work. I assume the new version of the torstatus scripts will let us get graphs like the ones you've shown at the link above. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************