Re: many new relays
Any news on this thread? Is there any reason to believe the network is under attack or not?
Re: many new relays
On 07/10/2009 05:54 PM, Phil wrote:
> Any news on this thread? Is there any reason to believe the network is under attack or not?

We have no reason to believe the Tor network is under attack. The simplest explanation is that all of the efforts to promote Tor in Iran are resulting in a burst of new relays. In the past, we'd consistently see bursts of new relays after major press articles; such as stories on Slashdot.

The full directory archives will soon be available for all to do your own analysis of the recent growth in the Tor network.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identica/Twitter: torproject
Re: many new relays
I usually play with this form of output as it is the most verbose.

getinfo desc/all-recent | perl_splitter - separate files by fingerprint or other tag.

Even one of these (or a cached-descriptors) from before the jump could be enough. An ls -al of your dirs could probably find a good pre jump candidate by size. The 19th seems to be the first of the permanent influx.

> If someone needs ... server descriptors ... please let me know

So sure, just one from the 17th might be good.

As to future distribution and if size is a problem ... My current view of getinfo desc/all-recent is 4.356MiB, 1.801MiB compressed. Removing this uncompressible info irrelevant to the subject:

    if (/^opt (extra\-info\-digest|(read|write)\-history) /) {
    if (/^(onion\-key|signing\-key|router\-signature)$/) {

gives 1.641MiB, .292MiB compressed.

Not quite sure why views differ across routers, it'll probably hit me before long though. Maybe to do with FetchUselessDescriptors, DownloadExtraInfo.

Also, currently 3179 uniq fingerprints in the view.

2009-06-01 1399
2009-06-02 1373
2009-06-030
2009-06-04 1387
2009-06-05 1388
2009-06-06 1399
2009-06-07 1413
2009-06-08 1370
2009-06-09 1385
2009-06-10 1380
2009-06-11 1388
2009-06-12 1392
2009-06-13 1404
2009-06-14 1394
2009-06-15 1368
2009-06-16 1379
2009-06-17 1416
2009-06-18 1433
2009-06-19 1542
2009-06-20 1585
2009-06-21 1699
2009-06-22 1758
2009-06-23 1707
2009-06-24 1713
2009-06-25 1707
2009-06-26 1702
2009-06-27 1754
2009-06-28 1740
2009-06-29 1706
2009-06-30 1735
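
The stripping step described in the message above, as an added Python example that is not part of the original post: it drops the history and extra-info lines plus the key and signature objects, then groups what remains by fingerprint. The function names and the sample descriptors are constructed for illustration, and the code assumes each dropped keyword is followed by a "-----BEGIN ...-----" / "-----END ...-----" object.

```python
import re

# Same patterns as the two Perl conditions quoted in the message above.
DROP_LINE = re.compile(r"^opt (extra-info-digest|(read|write)-history) ")
DROP_BLOCK = re.compile(r"^(onion-key|signing-key|router-signature)$")
FINGERPRINT = re.compile(r"^(?:opt )?fingerprint (.+)$")

def strip_descriptors(text):
    """Return {fingerprint: [stripped descriptor, ...]} for a descriptor dump."""
    relays, current, fp, in_block = {}, [], None, False

    def flush():
        if current:
            relays.setdefault(fp or "UNKNOWN", []).append("\n".join(current) + "\n")

    for line in text.splitlines():
        if line.startswith("router "):      # a new descriptor begins
            flush()
            current, fp, in_block = [], None, False
        if in_block:                         # body of a key or signature object
            in_block = not line.startswith("-----END ")
            continue
        if DROP_LINE.match(line):
            continue
        if DROP_BLOCK.match(line):           # keyword line; its object follows
            in_block = True
            continue
        m = FINGERPRINT.match(line)
        if m:
            fp = m.group(1).replace(" ", "")
        current.append(line)
    flush()
    return relays

def make_sample(nick, ip, fp):
    # Constructed descriptor: key and signature bodies are placeholder text.
    pem = "-----BEGIN RSA PUBLIC KEY-----\nQUJD\n-----END RSA PUBLIC KEY-----\n"
    return (f"router {nick} {ip} 9001 0 0\npublished 2009-06-17 00:00:00\n"
            f"opt fingerprint {fp}\nopt extra-info-digest 00FF\n"
            f"onion-key\n{pem}signing-key\n{pem}"
            "opt write-history 2009-06-17 00:00:00 (900 s) 1,2\nreject *:*\n"
            "router-signature\n-----BEGIN SIGNATURE-----\nQUJD\n-----END SIGNATURE-----\n")

FP_A, FP_B = "AAAA " * 9 + "AAAA", "BBBB " * 9 + "BBBB"
SAMPLE = (make_sample("relayA", "192.0.2.1", FP_A) + make_sample("relayB", "198.51.100.7", FP_B)
          + make_sample("relayA", "192.0.2.1", FP_A))

if __name__ == "__main__":
    out = strip_descriptors(SAMPLE)
    kept = sum(len(d) for descs in out.values() for d in descs)
    print(len(out), "unique fingerprints;", len(SAMPLE), "->", kept, "bytes")
```

Resetting the block state at every "router " line keeps one malformed descriptor from swallowing the ones after it.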
Re: many new relays
On 07/04/2009 11:59 AM, grarpamp wrote:
> I usually play with this form of output as it is the most verbose.
>
> getinfo desc/all-recent | perl_splitter - separate files by fingerprint or other tag.
>
> Even one of these (or a cached-descriptors) from before the jump could be enough. An ls -al of your dirs could probably find a good pre jump candidate by size. The 19th seems to be the first of the permanent influx.
>
>> If someone needs ... server descriptors ... please let me know
>
> So sure, just one from the 17th might be good.

It's not that simple. Every descriptor is stored in a separate file. Archiving the cached-* files would add a lot of redundancy.

> As to future distribution and if size is a problem ... My current view of getinfo desc/all-recent is 4.356MiB, 1.801MiB compressed. Removing this uncompressible info irrelevant to the subject:
>
>     if (/^opt (extra\-info\-digest|(read|write)\-history) /) {
>     if (/^(onion\-key|signing\-key|router\-signature)$/) {
>
> gives 1.641MiB, .292MiB compressed.

Good idea. Removing the crypto parts did the trick. The compressed June descriptors are now 20 MB rather than about 100 MB before. I think we can afford the bandwidth (even if 50 or-talkers download the thing):

http://freehaven.net/~karsten/volatile/server-descriptors-2009-06-short.tar.bz2

You'll probably want to use the published timestamps or write your own little parsing application to match descriptors with network status lines in the consensuses:

http://freehaven.net/~karsten/volatile/consensuses-2009-06.tar.gz

(I'll remove both links in 1 month from now.)

Let us know what you find!

Best,
--Karsten
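
A starting point for the "little parsing application" suggested above, as an added Python example that is not part of the original message: it diffs two consensuses, converts each "r" line identity to the hex fingerprint used in descriptors (the join key for matching the two), and counts the newly appeared relays per /16 netblock. The function names and the status lines are constructed for illustration, and the code assumes the "r nickname identity digest date time IP ORPort DirPort" line layout.

```python
import base64
from collections import Counter

def parse_consensus(text):
    """Map hex fingerprint -> (nickname, IPv4 address) from the "r" lines."""
    relays = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[0] != "r":
            continue
        nickname, identity, ip = parts[1], parts[2], parts[6]
        # Identity is base64 of the 20-byte key hash with "=" padding removed.
        padded = identity + "=" * (-len(identity) % 4)
        relays[base64.b64decode(padded).hex().upper()] = (nickname, ip)
    return relays

def new_relays_by_netblock(before, after):
    """Return (relays only in `after`, [(/16 prefix, count), ...] by count)."""
    old, new = parse_consensus(before), parse_consensus(after)
    added = {fp: v for fp, v in new.items() if fp not in old}
    blocks = Counter(".".join(ip.split(".")[:2]) + ".0.0/16"
                     for _, ip in added.values())
    return added, blocks.most_common()

def status_line(nick, seed, ip):
    # Constructed status entry: identity and digest are derived from a seed byte.
    ident = base64.b64encode(bytes([seed]) * 20).decode().rstrip("=")
    return f"r {nick} {ident} {ident} 2009-06-17 00:00:00 {ip} 9001 0\ns Running Valid\n"

# Constructed "before the jump" and "after the jump" consensus excerpts.
BEFORE = status_line("old1", 1, "192.0.2.10") + status_line("old2", 2, "198.51.100.20")
AFTER = (BEFORE + status_line("new1", 3, "203.0.113.5")
         + status_line("new2", 4, "203.0.113.77") + status_line("new3", 5, "192.0.2.99"))

if __name__ == "__main__":
    added, blocks = new_relays_by_netblock(BEFORE, AFTER)
    print(len(added), "new relays")
    for prefix, count in blocks:
        print(f"{count:4d}  {prefix}")
```

A large share of new relays in a handful of netblocks would be the concentration worth a closer look; an even spread is what organic growth would be expected to produce.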
Re: many new relays
Same files, tarred up and posted. 10 downloads left, autodelete after 90 inactive days.

http://rapidshare.com/files/251821865/tordat.tar.html

SHA1 (tordat.tar) = 8ed68234192a6d50cc59159780edbb53599aaa5e
MD5 (tordat.tar) = fbc02ac9a56d5a2b22e16b2344f3b669

tar -tvf tordat.tar
-rw-r--r-- 0 root wheel 3392067 Jul 4 07:30 consensuses-2009-06.tar.gz
-rw-r--r-- 0 root wheel 20858716 Jul 4 07:19 server-descriptors-2009-06-short.tar.bz2

SHA1 (consensuses-2009-06.tar.gz) = c686496a631e0d46a280e44b26cd7271f6838fac
SHA1 (server-descriptors-2009-06-short.tar.bz2) = 555b88d5986b0fd61d23cb55d6e62c84ddedb500
Re: many new relays
On 06/28/2009 09:05 AM, grarpamp wrote:
> I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset.

I have uploaded a tarball of the 00:00 UTC consensuses from June 1 to 30, 2009 here (3.3 M):

http://freehaven.net/~karsten/volatile/consensuses-2009-06.tar.gz

If someone needs the consensuses in between (709 M including votes) or the server descriptors (760 M uncompressed), please let me know via private email.

(We're still in the process of finding a better way to make these files public, but then there are always tasks with higher priority..)

--Karsten
Re: many new relays
Subject: Re: many new relays
To: or-talk@freehaven.net
Date: Sunday, June 28, 2009, 10:05 AM

> I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset.
>
>> It means everyone is busy working on other things.
>
> Yep, it's just an on the radar thing.
>
>> more stats about the effect of other major media stories about Tor, Slashdot effect, etc.
>
> I think the Tor project may indeed have some long term data such as a simple relay count in RRD. Just thought I saw some graphs once. There's probably a roadmap somewhere that gives an idea of when Tor would be felt ready for more general mass consumption/advertisement.
>
>> This whole Iran thing is a great way for a number of adversaries to slip in undetected.
>
> In bulk, in short order, yes, perhaps. Though if I were a serious adversary I would probably advise against something as we've just seen. I suggested doing the analysis because often the first rollout of anything is botched in some fashion. And there's limited time to catch it, then learning occurs and the future ones appear normal. And of course, as a secondary check, the non-black Tor break canary has yet to be seen in the public courts.

Is it possible this alleged jump in the numbers of relays is partly driven by the tbreg/Taobao thing? Perhaps this same technique is being used more widely than is realized with relay nodes on zombied machines having names other than 25tbreg. Just a thought.
Re: many new relays
On Mon, 29 Jun 2009 13:27:28 -0700 (PDT) Phil philtickle...@yahoo.com wrote:
>> I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset.
>>
>>> It means everyone is busy working on other things.
>>
>> Yep, it's just an on the radar thing.
>>
>>> more stats about the effect of other major media stories about Tor, Slashdot effect, etc.
>>
>> I think the Tor project may indeed have some long term data such as a simple relay count in RRD. Just thought I saw some graphs once. There's probably a roadmap somewhere that gives an idea of when Tor would be felt ready for more general mass consumption/advertisement.
>>
>>> This whole Iran thing is a great way for a number of adversaries to slip in undetected.
>>
>> In bulk, in short order, yes, perhaps. Though if I were a serious adversary I would probably advise against something as we've just seen. I suggested doing the analysis because often the first rollout of anything is botched in some fashion. And there's limited time to catch it, then learning occurs and the future ones appear normal. And of course, as a secondary check, the non-black Tor break canary has yet to be seen in the public courts.
>
> Is it possible this alleged jump in the numbers of relays is partly driven by the tbreg/Taobao thing? Perhaps this same technique is being used more widely than is realized with relay nodes on zombied machines having names other than 25tbreg. Just a thought.

I don't think so. Right now there are 1972 relays listed in the consensus, but only one with a nickname of tbreg. The jump is still on the order of 400-600 relays.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: many new relays
I'd give it a 15 minute mile high eyeball if I had the 'before the jump' cache files or a 'getinfo desc/all-recent' from back then. I just don't have that dataset.

> It means everyone is busy working on other things.

Yep, it's just an on the radar thing.

> more stats about the effect of other major media stories about Tor, Slashdot effect, etc.

I think the Tor project may indeed have some long term data such as a simple relay count in RRD. Just thought I saw some graphs once. There's probably a roadmap somewhere that gives an idea of when Tor would be felt ready for more general mass consumption/advertisement.

> This whole Iran thing is a great way for a number of adversaries to slip in undetected.

In bulk, in short order, yes, perhaps. Though if I were a serious adversary I would probably advise against something as we've just seen. I suggested doing the analysis because often the first rollout of anything is botched in some fashion. And there's limited time to catch it, then learning occurs and the future ones appear normal. And of course, as a secondary check, the non-black Tor break canary has yet to be seen in the public courts.
Re: many new relays
It would be interesting to see more stats about the effect of other major media stories about Tor, Slashdot effect, etc. This whole Iran thing is a great way for a number of adversaries to slip in undetected.

Ringo

Phil wrote:
> --- On Wed, 6/24/09,
>> 150% jump, in such a short time. Not sure I'd welcome that so soon. I don't have a copy of the old cache files from before the jump began. But if someone does, consider putting them up on a filehost or analyzing it a bit more. This really should be looked at in more detail before chalking it up to .ir or friendlies. And how does this correspond to prior slashdot/digg jumps.
>> netblock/isp/hostname/whois/country platform nickname policy bandwidth contacts uptime etc
>
> No discussion or comments on this? What does it mean?
Re: many new relays
On 06/25/2009 05:03 PM, Phil wrote:
> No discussion or comments on this? What does it mean?

It means everyone is busy working on other things. I encourage you to do the analysis yourself.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identica/Twitter: torproject
Re: many new relays
--- On Wed, 6/24/09,
> 150% jump, in such a short time. Not sure I'd welcome that so soon. I don't have a copy of the old cache files from before the jump began. But if someone does, consider putting them up on a filehost or analyzing it a bit more. This really should be looked at in more detail before chalking it up to .ir or friendlies. And how does this correspond to prior slashdot/digg jumps.
> netblock/isp/hostname/whois/country platform nickname policy bandwidth contacts uptime etc

No discussion or comments on this? What does it mean?
many new relays
150% jump, in such a short time. Not sure I'd welcome that so soon. I don't have a copy of the old cache files from before the jump began. But if someone does, consider putting them up on a filehost or analyzing it a bit more. This really should be looked at in more detail before chalking it up to .ir or friendlies. And how does this correspond to prior slashdot/digg jumps. netblock/isp/hostname/whois/country platform nickname policy bandwidth contacts uptime etc
many new relays
Somewhere on the order of 500 new relays or so seem to have appeared in the tor network in the past week. I take this as a very welcome event, not only for the future of the tor network and enhanced performance of the network, but because it suggests that quite a lot of people have become more aware of the need for network anonymity. What bothers me a trifle is that the timing of all this also suggests that it has been triggered by the ruckus over the recent election in Iran. I hope that most of the new tor nodes will stick around for the long haul after the situation in Iran has quiesced, rather than simply being up for a few weeks and then vanishing again. Either way, though, I welcome them all for as long as their operators are willing to help out by running relays.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: many new relays
Do we have indication of any geographic concentration of these relays? Worried about sybil attacks.

--Original Message--
From: Scott Bennett
Sender: owner-or-t...@freehaven.net
To: or-t...@seul.org
ReplyTo: or-talk@freehaven.net
Sent: Jun 21, 2009 7:51 PM
Subject: many new relays

Somewhere on the order of 500 new relays or so seem to have appeared in the tor network in the past week. I take this as a very welcome event, not only for the future of the tor network and enhanced performance of the network, but because it suggests that quite a lot of people have become more aware of the need for network anonymity. What bothers me a trifle is that the timing of all this also suggests that it has been triggered by the ruckus over the recent election in Iran. I hope that most of the new tor nodes will stick around for the long haul after the situation in Iran has quiesced, rather than simply being up for a few weeks and then vanishing again. Either way, though, I welcome them all for as long as their operators are willing to help out by running relays.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: many new relays
On Monday, 22.06.2009, 03:23 +, David Jevans wrote:
> Do we have indication of any geographic concentration of these relays? Worried about sybil attacks.

Most of them are in the USA: http://www.dianacht.de/torstat/

(sorry, in German, it's based on the cached-consensus file of a tor-node and geolocated with maxmind's GeoLite-database)