Re: [tor-relays] 2017-06-07 15:37: 65 new tor exits in 30 minutes

2017-06-08 Thread nusenu
Roger Dingledine:
> we have a plausible guess about where they came from,
> and we contacted the company that we think controls the IP addresses, so
> they can figure it out / clean up as needed.

Interesting. I'm curious, how did you link the IP addresses to the
company? Is your guess that the company set up relays or that someone
used that company's servers to set up relays?
("clean up" sounds like someone used their servers in an unauthorized way)


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] 2017-06-07 15:37: 65 new tor exits in 30 minutes

2017-06-07 Thread Roger Dingledine
On Wed, Jun 07, 2017 at 03:50:54PM -0400, David Goulet wrote:
> On 07 Jun (19:41:00), nusenu wrote:
> > DocTor [1] made me look into this.
> > 
> > _All_ 65 relays in the following table have the following characteristics:
> > (not shown in the table to save some space)
> 
> Yah, we got a report on bad-relays@ as well... We are looking into this but
> seems there is a distinctive pattern for most of them.

Update: we set things in motion this afternoon to cut the relays out of
the network. Also, we have a plausible guess about where they came from,
and we contacted the company that we think controls the IP addresses, so
they can figure it out / clean up as needed.

Thanks!
--Roger



Re: [tor-relays] 2017-06-07 15:37: 65 new tor exits in 30 minutes

2017-06-07 Thread David Goulet
On 07 Jun (19:41:00), nusenu wrote:
> DocTor [1] made me look into this.
> 
> _All_ 65 relays in the following table have the following characteristics:
> (not shown in the table to save some space)

Yah, we got a report on bad-relays@ as well... We are looking into this but
seems there is a distinctive pattern for most of them.

David

> 
> - OS: Linux
> - run two instances per IP address (the number of relays is only odd
> because in one case they created 3 keys per IP)
> - ORPort: random
> - DirPort: disabled
> - Tor Version: 0.2.9.10
> - ContactInfo: None
> - MyFamily: None
> - Joined the Tor network between 2017-06-07 15:37:32 and 2017-06-07
> 16:08:54 (UTC)
> - Exit Policy summary: {u'reject': [u'25', u'119', u'135-139', u'445',
> u'563', u'1214', u'4661-4666', u'6346-6429', u'6699', u'6881-6999']}
> - table is sorted by columns 3,1,2 (in that order)
> 
> 
> - Group diversity:
>  - 20 distinct autonomous systems
>  - 18 distinct countries
> 
> https://gist.githubusercontent.com/nusenu/81337aed747ea5c7dec57899b0e27e94/raw/c7e0c4538e4f424b4cc529f3c2b1cabf6a5df579/2017-06-07_tor_network_65_relays_group.txt
> 
> 
> 
> Relay fingerprints are at the bottom of this file.
> 
> This list of relays is NOT identical to the one from DocTor (even though
> the number is identical (65)):
> [1]
> https://lists.torproject.org/pipermail/tor-consensus-health/2017-June/007968.html
> 
> https://twitter.com/nusenu_/status/872536564647198720
> 
> 
> -- 
> https://mastodon.social/@nusenu
> https://twitter.com/nusenu_
> 






-- 
F3vakg18tijjqFR690AknN2mb+hDT7jRDxYnpDPmVjY=
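
The grouping described in the quoted report, as an added example (not code from the post or from the Tor Project): it clusters exit relays that share version, missing ContactInfo, disabled DirPort and reject list, and whose first-seen times fall inside one window. Field names follow Onionoo details documents as an assumption; the relay records, the 45-minute window and the minimum group size are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Reject list copied from the post; all relay records below are constructed.
REJECT = ["25", "119", "135-139", "445", "563", "1214",
          "4661-4666", "6346-6429", "6699", "6881-6999"]

def signature(relay):
    """Attributes the post reports as identical across the whole group."""
    reject = tuple(relay.get("exit_policy_summary", {}).get("reject", []))
    return (relay.get("version"), relay.get("contact"), "dir_address" in relay, reject)
def joined(relay):
    return datetime.strptime(relay["first_seen"], "%Y-%m-%d %H:%M:%S")
def summarize(cluster):
    ips = {m["or_addresses"][0].rsplit(":", 1)[0] for m in cluster}
    return {"relays": [m["fingerprint"] for m in cluster], "distinct_ips": len(ips),
            "first": cluster[0]["first_seen"], "last": cluster[-1]["first_seen"]}

def find_bursts(relays, window=timedelta(minutes=45), min_size=4):
    """Groups of look-alike exits whose first_seen times fit inside `window`."""
    by_sig = defaultdict(list)
    for r in relays:
        if "Exit" in r.get("flags", []):
            by_sig[signature(r)].append(r)
    clusters = []
    for members in by_sig.values():
        members.sort(key=joined)
        clusters.append([members[0]])
        for r in members[1:]:
            if joined(r) - joined(clusters[-1][0]) <= window:
                clusters[-1].append(r)
            else:
                clusters.append([r])  # too late for the open cluster: start a new one
    return [summarize(c) for c in clusters if len(c) >= min_size]

def _relay(n, ip, seen, contact=None):  # builder for the constructed sample
    r = {"fingerprint": "%040X" % n, "or_addresses": ["%s:%d" % (ip, 9000 + n)],
         "first_seen": seen, "version": "0.2.9.10", "flags": ["Exit", "Running"],
         "exit_policy_summary": {"reject": REJECT}}
    return dict(r, contact=contact) if contact else r

SAMPLE = [
    _relay(1, "192.0.2.10", "2017-06-07 15:37:32"),
    _relay(2, "192.0.2.10", "2017-06-07 15:40:01"),
    _relay(3, "198.51.100.7", "2017-06-07 15:55:10"),
    _relay(4, "198.51.100.7", "2017-06-07 16:08:54"),
    _relay(5, "203.0.113.5", "2017-06-01 09:00:00"),   # same look, joined days earlier
    _relay(6, "203.0.113.9", "2017-06-07 15:45:00", contact="op@example.org"),
]
```

`find_bursts(SAMPLE)` returns one group of four relays on two IP addresses; the relay that joined days earlier and the one with contact information are left out.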

