Re: [tor-relays] Current state of HSDir attacks on hidden services

2018-12-12 Thread Roger Dingledine
On Wed, Dec 12, 2018 at 02:59:34PM -0500, Jonathan D. Proulx wrote:
> Is it really still the case that spending a little time crafting
> the "right" fingerprints is all it takes for an adversary to
> reliably host the HSDir for a given hidden service? Well and
> 4-5 days uptime...

For the "legacy" v2 onion service design, yes. But for the v3 onion
service design, this class of attack does not work: the HSDirs for v3
onion services are unpredictable until the day of, because one of the
inputs to the hash function that determines the HSDirs is the daily
global shared-random-value:
https://gitweb.torproject.org/torspec.git/tree/srv-spec.txt

I guess in theory we could do a flag day and make everybody who upgrades
use this shared-random-value as part of the hash for determining HSDirs
for v2 onion services too. But it would probably result in a lot of
unhappy people, and anyway v2 has other problems too, like its keys are
way too short, so we'll be happiest if we just let it die out over time.

Another option would be to not worry about relays that appear to be trying
to attack v2 onion services, on the theory that if you want your onion
service to not be attacked, you should move to v3. The problem there is
that if people are running relays for reasons other than "I want to help
grow the network and keep people safe", then they're not going to have
the right motivations when it comes to other situations where we want
relay operators to act with the safety of users in mind. They've already
signaled to us that they aren't part of our community, so let's use that
information and not wait to find out what else they will do that we don't
like. ("When someone shows you who they are, believe them the first time"
and all that.)

> Assuming the new ColoCrossing nodes are maliciously targeting a
> particular hidden service is it just their sloppiness of putting
> them all up in the same place over a short period rather than in
> a slower and more widely distributed manner the only thing that
> prevented them from achieving their unmasking goals?

Two answers:

(A) No, there are scripts we can run to look for fingerprint similarity,
and those scripts don't depend on when the relays joined the network.
See also this paper:
https://nymity.ch/anomalous-tor-keys/

and

(B) You said unmasking, but in its simple form, this attack is about
either measuring popularity of a service or about censoring it. If you get
to be some of the HSDirs for your target onion address, you can measure
its popularity (by counting anonymous lookups). If you get to be all six
of its HSDirs for a day, you can censor that onion address for the day
(by just sending "nope, never heard of it" in response to all lookups).

That said, you could combine "become some of the HSDirs for a particular
onion service" with "run a bunch of guards" and then do correlation
attacks to see if your guards have any clients that are fetching the onion
descriptor from the HSDir (or if you're super lucky, have any clients that
are *posting* the onion descriptor to the HSDir). But if you're patient
(and you already are because in this scenario you're running a bunch of
guards for long enough that they accumulate users), you could also wait
until the day where one of your relays randomly becomes the HSDir for
the onion service in question, which would take longer but not require
any relay key placement attack.

Hope that helps,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
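
Added example, not part of the original post and not the Tor Project's or OrNetRadar's own scripts: one way to look for the fingerprint similarity mentioned in (A), by grouping relay fingerprints on a shared leading prefix and keeping only groups that uniformly random keys would rarely produce. The sample fingerprints and the network size of 6500 relays are constructed assumptions.

```python
from collections import defaultdict
from math import comb

HEX = set("0123456789ABCDEF")

def shared_prefix_groups(fingerprints, hex_chars=8, min_size=2):
    """Return {prefix: [fingerprints]} for prefixes shared by >= min_size relays."""
    groups = defaultdict(set)
    for fp in fingerprints:
        fp = fp.strip().upper()
        if len(fp) != 40 or not set(fp) <= HEX:
            raise ValueError(f"not a 40-hex-char relay fingerprint: {fp!r}")
        groups[fp[:hex_chars]].add(fp)  # a set ignores duplicate input lines
    return {p: sorted(m) for p, m in groups.items() if len(m) >= min_size}

def expected_chance_groups(n_relays, hex_chars, group_size=2):
    """Expected number of group_size-subsets sharing a prefix if fingerprints
    were uniformly random (honest key generation)."""
    buckets = 16 ** hex_chars
    return comb(n_relays, group_size) / buckets ** (group_size - 1)

def suspicious_groups(fingerprints, n_relays, hex_chars=8, threshold=0.01):
    """Report shared-prefix groups only when chance would rarely produce them."""
    found = shared_prefix_groups(fingerprints, hex_chars)
    return {p: m for p, m in found.items()
            if expected_chance_groups(n_relays, hex_chars, len(m)) < threshold}

# Constructed sample fingerprints (not real relays).
SAMPLE = [
    "C0FFEE12" + "11" * 16,
    "C0FFEE12" + "22" * 16,
    "C0FFEE12" + "33" * 16,
    "C0FF0000" + "44" * 16,   # shares only 4 hex chars with the group above
    "5A5A5A5A" + "55" * 16,
]
N_RELAYS = 6500  # assumed network size, used for the chance estimate only

if __name__ == "__main__":
    for chars in (4, 8):
        print(chars, "hex chars:",
              suspicious_groups(SAMPLE, N_RELAYS, chars),
              "expected chance triples: %.3g"
              % expected_chance_groups(N_RELAYS, chars, 3))
```

Under the assumed network size, roughly ten triples sharing 4 hex characters are expected by chance alone, so a prefix detector needs longer prefixes or extra signals such as join time and AS before it flags anything.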


[tor-relays] AS: "OVH SAS" - 17 relays (2018-10-24)

2018-12-12 Thread nusenu
a relay gang joined in Oct 2018 at OVH


2018-10-24


https://nusenu.github.io/OrNetRadar/2018/10/24/a3


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu





Re: [tor-relays] AS: ColoCrossing + QuadraNet = 42 relays

2018-12-12 Thread mick
On Tue, 11 Dec 2018 22:38:00 +
nusenu  allegedly wrote:

> The first column shows the first 4 characters of the fingerprint, the
> second how many relays have it and when and where (AS) they joined the
> network.
> 
> +------+---+-------------------------------------------------------------+----------------------------------------+
> | FP   | # | first_seen                                                  | as_name                                |
> +------+---+-------------------------------------------------------------+----------------------------------------+
> | 0324 | 3 | 2018-12-11 07:00:00,2018-12-11 08:00:00,2018-12-11 10:00:00 | ColoCrossing,QuadraNet Enterprises LLC |
> | 2D56 | 3 | 2018-12-10 05:00:00                                         | ColoCrossing                           |
> | 2EBF | 3 | 2018-12-10 06:00:00,2018-12-10 07:00:00,2018-12-10 08:00:00 | ColoCrossing,QuadraNet Enterprises LLC |
> | 48A3 | 3 | 2018-12-10 06:00:00,2018-12-10 07:00:00,2018-12-10 08:00:00 | ColoCrossing                           |
> | 5F46 | 3 | 2018-12-11 07:00:00,2018-12-11 09:00:00,2018-12-11 11:00:00 | ColoCrossing                           |
> | 8788 | 3 | 2018-12-10 09:00:00,2018-12-10 10:00:00,2018-12-10 11:00:00 | ColoCrossing                           |
> | A099 | 3 | 2018-12-10 16:00:00,2018-12-10 17:00:00                     | ColoCrossing                           |
> | A116 | 3 | 2018-12-11 07:00:00,2018-12-11 08:00:00,2018-12-11 10:00:00 | ColoCrossing,QuadraNet Enterprises LLC |
> | A677 | 3 | 2018-12-09 13:00:00                                         | ColoCrossing                           |
> | AA08 | 3 | 2018-12-10 09:00:00,2018-12-10 10:00:00,2018-12-10 11:00:00 | ColoCrossing                           |
> | C00B | 3 | 2018-12-10 04:00:00                                         | ColoCrossing                           |
> | C0D4 | 3 | 2018-12-11 07:00:00,2018-12-11 09:00:00,2018-12-11 11:00:00 | ColoCrossing                           |
> | D021 | 3 | 2018-12-09 14:00:00,2018-12-09 15:00:00                     | ColoCrossing,QuadraNet Enterprises LLC |
> | FB34 | 3 | 2018-12-10 16:00:00,2018-12-10 17:00:00                     | ColoCrossing                           |
> +------+---+-------------------------------------------------------------+----------------------------------------+
> 14 rows
> 
> 14*3=42
> 
> This should become a new OrNetRadar detector. 
> 

And given ColoCrossing's advertised prices, even using single servers
that amounts to nearly $840 pcm or over $10.000 per annum. That doesn't
look like a hobbyist.


-
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 https://baldric.net/about-trivia
-



Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread mick
On Wed, 12 Dec 2018 19:17:56 +0100 (CET)
Nathaniel Suchy  allegedly wrote:

> It's scary to think there are bad people out there actively trying to
> harm our community :(

I'd be astonished if there weren't. Tor is a thorn in the side for lots
of different entities. I am just grateful that it exists and that there
are people prepared to defend it.


-
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 https://baldric.net/about-trivia
-



Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Ralph Seichter
* Nathaniel Suchy:

> It's scary to think there are bad people out there actively trying to
> harm our community :(

I take it as a compliment. Tor authors and relay operators are having
enough of an effect that some entities out there try to undermine us.

-Ralph


Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Spiros Andreou
That is why many of us do what we do, Nathaniel

On December 12, 2018 6:17:56 PM UTC, Nathaniel Suchy  wrote:
>It's scary to think there are bad people out there actively trying to
>harm our community :(
>
>Cordially,
>Nathaniel Suchy
>
>Dec 12, 2018, 10:46 AM by dgou...@torproject.org:
>
>> On 12 Dec (09:33:58), Toralf Förster wrote:
>>
>>> On 12/11/18 10:54 PM, nusenu wrote:
>>> >  from their fingerprints
>>> I'm just curious that the fingerprints start with the same sequence. I was
>>> under the impression that the fingerprint is somehow unique like a hash?
>>>
>>
>> If one would like to position their relay on the hashring at a specific spot,
>> you can bruteforce the key generation to match the first bytes of the
>> fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that long to
>> compute.
>>
>> And because the position on the hashring is predictable over time for hidden
>> service *version 2*, then anyone can set up relays that in 5 days will be at
>> the right position.
>>
>> Thus the importance to catch these relays before they get the HSDir flag that
>> is 96 hours of uptime.
>>
>> Cheers!
>> David
>>
>> -- 
>> WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=

-- 
Spiros Andreou


Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Nathaniel Suchy
It's scary to think there are bad people out there actively trying to harm our 
community :(

Cordially,
Nathaniel Suchy



Dec 12, 2018, 10:46 AM by dgou...@torproject.org:

> On 12 Dec (09:33:58), Toralf Förster wrote:
>
>> On 12/11/18 10:54 PM, nusenu wrote:
>> >  from their fingerprints
>> I'm just curious that the fingerprints start with the same sequence. I was
>> under the impression that the fingerprint is somehow unique like a hash?
>>
>
> If one would like to position their relay on the hashring at a specific spot,
> you can bruteforce the key generation to match the first bytes of the
> fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that long to
> compute.
>
> And because the position on the hashring is predictable over time for hidden
> service *version 2*, then anyone can set up relays that in 5 days will be at
> the right position.
>
> Thus the importance to catch these relays before they get the HSDir flag that
> is 96 hours of uptime.
>
> Cheers!
> David
>
> -- 
> WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=
>



Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread David Goulet
On 12 Dec (09:33:58), Toralf Förster wrote:
> On 12/11/18 10:54 PM, nusenu wrote:
> >  from their fingerprints
> I'm just curious that the fingerprints start with the same sequence. I was
> under the impression that the fingerprint is somehow unique like a hash?

If one would like to position their relay on the hashring at a specific spot,
you can bruteforce the key generation to match the first bytes of the
fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that long to
compute.

And because the position on the hashring is predictable over time for hidden
service *version 2*, then anyone can set up relays that in 5 days will be at
the right position.

Thus the importance to catch these relays before they get the HSDir flag that
is 96 hours of uptime.

Cheers!
David

-- 
WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=




Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Toralf Förster
On 12/11/18 10:54 PM, nusenu wrote:
>  from their fingerprints
I'm just curious that the fingerprints start with the same sequence. I was
under the impression that the fingerprint is somehow unique like a hash?

-- 
Toralf
PGP C4EACDDE 0076E94E



