subject:"Re\: \[tor\-relays\] AS\: \"ColoCrossing\" \- 28 new relays"

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread mick

On Wed, 12 Dec 2018 19:17:56 +0100 (CET)
Nathaniel Suchy  allegedly wrote:

> It's scary to think there are bad people out there actively trying to
> harm our community :(

I'd be astonished if there weren't. Tor is a thorn in the side for lots
of different entities. I am just grateful that it exists and that there
are people prepared to defend it.


-
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 https://baldric.net/about-trivia
-

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Ralph Seichter

* Nathaniel Suchy:

> It's scary to think there are bad people out there actively trying to
> harm our community :(

I take it as a compliment. Tor authors and relay operators are having
enough of an effect that some entities out there try to undermine us.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Spiros Andreou

That is why many of us do what we do Nathaniel 

On December 12, 2018 6:17:56 PM UTC, Nathaniel Suchy  wrote:
>It's scary to think there are bad people out there actively trying to
>harm our community :(
>
>Cordially,
>Nathaniel Suchy
>
>
>
>Dec 12, 2018, 10:46 AM by dgou...@torproject.org:
>
>> On 12 Dec (09:33:58), Toralf Förster wrote:
>>
>>> On 12/11/18 10:54 PM, nusenu wrote:
>>> >  from their fingerprints
>>> I'm just curious that the fingerprints starts with the same
>sequence. I was
>>> under the impression that the fingerprint is somehow unique like a
>hash?
>>>
>>
>> If one would like to position their relay on the hashring at a
>specific spot,
>> you can bruteforce the key generation to match the first bytes of the
>> fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that
>long to
>> compute.
>>
>> And because the position on the hashring is predictable over time for
>hidden
>> service *version 2*, then anyone can setup relays that in 5 days will
>be at
>> the right position.
>>
>> Thus the importance to catch these relays before they get the HSDir
>flag that
>> is 96 hours of uptime.
>>
>> Cheers!
>> David
>>
>> -- 
>> WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=
>>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Spiros Andreou___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Nathaniel Suchy

It's scary to think there are bad people out there actively trying to harm our 
community :(

Cordially,
Nathaniel Suchy



Dec 12, 2018, 10:46 AM by dgou...@torproject.org:

> On 12 Dec (09:33:58), Toralf Förster wrote:
>
>> On 12/11/18 10:54 PM, nusenu wrote:
>> >  from their fingerprints
>> I'm just curious that the fingerprints starts with the same sequence. I was
>> under the impression that the fingerprint is somehow unique like a hash?
>>
>
> If one would like to position their relay on the hashring at a specific spot,
> you can bruteforce the key generation to match the first bytes of the
> fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that long to
> compute.
>
> And because the position on the hashring is predictable over time for hidden
> service *version 2*, then anyone can setup relays that in 5 days will be at
> the right position.
>
> Thus the importance to catch these relays before they get the HSDir flag that
> is 96 hours of uptime.
>
> Cheers!
> David
>
> -- 
> WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=
>

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread David Goulet

On 12 Dec (09:33:58), Toralf Förster wrote:
> On 12/11/18 10:54 PM, nusenu wrote:
> >  from their fingerprints
> I'm just curious that the fingerprints starts with the same sequence. I was
> under the impression that the fingerprint is somehow unique like a hash?

If one would like to position their relay on the hashring at a specific spot,
you can bruteforce the key generation to match the first bytes of the
fingerprint. Usually 4 or 5 bytes are enough and it doesn't take that long to
compute.

And because the position on the hashring is predictable over time for hidden
service *version 2*, then anyone can setup relays that in 5 days will be at
the right position.

Thus the importance to catch these relays before they get the HSDir flag that
is 96 hours of uptime.

Cheers!
David

-- 
WzhUyhDvWQI2JZglnMWl4fhIHYln5DpMG50IrXaHPLU=

signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-12 Thread Toralf Förster

On 12/11/18 10:54 PM, nusenu wrote:
>  from their fingerprints
I'm just curious that the fingerprints starts with the same sequence. I was 
under the impression that the fingerprint is somehow unique like a hash?

-- 
Toralf
PGP C4EACDDE 0076E94E




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-11 Thread Roger Dingledine

On Tue, Dec 11, 2018 at 09:54:00PM +, nusenu wrote:
> it is pretty obvious from their fingerprints that they are a group of relays 
> that aim to be
> at a certain position on the DHT ring to become the HSDir of someone's onion

Right. We have bumped them out of the network, along with some others
that looked similar. They are all new relays so they didn't have much
weight or influence yet.

One thing to be careful of, in this particular situation, is that when
you see a set of k relays with very similar fingerprints, it's hard to
distinguish "there are k jerks that need to be removed from the network"
from "there are k-1 jerks, and one original possibly-unrelated relay
that for whatever reason they decided to imitate".

(In this case it looks like the former.)

Thanks,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-11 Thread nusenu

it is pretty obvious from their fingerprints that they are a group of relays 
that aim to be
at a certain position on the DHT ring to become the HSDir of someone's onion




-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

2018-12-11 Thread Nathaniel Suchy

It looks like they are all running an alpha release with various Gmail 
addresses. Maybe they're trying to correlate some traffic. What can be done in 
situations like this where the operator is (likely intentionally) being 
dishonest about their identity?

Cordially,
Nathaniel Suchy



Dec 11, 2018, 1:58 PM by nusenu-li...@riseup.net:

> these relays look rather strange and are likely operated by a single entity,
> watch out.
>
>
> 2018-12-10
>
> |   Up |   Ext | JoinTime   | IP | CC   |   ORp |   Dirp | 
> Version   | Contact   | Nickname |   eFamMembers | FP 
>   |
> |--+---+++--+---++---+---+--+---+--|
> |1 | 0 | 03:18:23   | 23.95.85.216   | us   |  9447 |  0 | 
> 0.3.5.5-alpha | bddwwell6_at_gmail_com| Bottom00S| 1 | 
> C00BF86148C5391530FAFB550BD79706BCB55EB7 |
> |1 | 0 | 03:26:38   | 107.173.70.100 | us   | 10401 |  0 | 
> 0.3.5.5-alpha | _bch440w AT yeezee.io | Porksoundz   | 1 | 
> C00BCA7A0EE03FD6E8B9BBBE1D9250DC2194EFD9 |
> |1 | 0 | 03:36:15   | 107.173.70.107 | us   | 15888 |  0 | 
> 0.3.5.5-alpha | look4dotme at-hotmail.com | PLZTornode   | 1 | 
> C00B7102C5E1CF4F18CB529F05830FCCC1BDC611 |
> |1 | 0 | 03:58:30   | 172.245.97.224 | us   |  9700 |  0 | 
> 0.3.5.5-alpha | abaubum@ mail_com | LikeTORLike  | 1 | 
> 2D56F86ABB41462E1CAA58F55F0BA15E843B5FDB |
> |1 | 0 | 04:16:08   | 198.46.182.191 | us   | 10534 |  0 | 
> 0.3.5.5-alpha | fofalafel_gmail_com   | RedSBoll999  | 1 | 
> 2D56F2422C0DC5BA859E9167321314A26B1557C6 |
> |1 | 0 | 04:20:57   | 23.95.0.211| us   | 13013 |  0 | 
> 0.3.5.5-alpha | > crab...@yahoo.com >  | ifufcrab   
>   | 1 | 2D56FB048E4838534CA3F5276591632A64FE99F5 |
> |1 | 0 | 05:23:14   | 107.173.70.105 | us   | 12712 |  0 | 
> 0.3.5.5-alpha | evertme2_atmail_net   | ihaZtordrunk | 1 | 
> 2EBFF85DAEB4CB84A117F801801BE9A536AE7524 |
> |1 | 0 | 05:31:33   | 23.95.85.216   | us   |  9404 |  0 | 
> 0.3.5.5-alpha | __do_wwoo_rry___at__gmail | UKNOWnoto| 1 | 
> 48A3DD64243F50550ABEFA1EB73D8D50E701C370 |
> |1 | 0 | 06:27:32   | 172.245.97.194 | us   | 12059 |  0 | 
> 0.3.5.5-alpha | distorikATgmail.COM   | erRHeroes| 1 | 
> 2EBFFE2CBC8F1AC47EF3406B8010BDBDD9A83084 |
> |1 | 0 | 06:32:40   | 107.173.70.103 | us   | 11930 |  0 | 
> 0.3.5.5-alpha | strapaganzza at mail.net  | nerevgiuap   | 1 | 
> 48A3F20EA43CC7B4B124D3F8894795D31A3F90E4 |
> |1 | 0 | 07:20:14   | 107.173.70.100 | us   |  9902 |  0 | 
> 0.3.5.5-alpha | painkillsde __AT__gmail_c | coldBloodT   | 1 | 
> 48A3F9E9990FB122839DD301D2195E2040DFD02F |
> |1 | 0 | 08:28:44   | 107.173.70.104 | us   |  9581 |  0 | 
> 0.3.5.5-alpha | grave345235@gm__ail.com   | rEPlace3r| 1 | 
> AA08AE727D782C71930D828C4236CB2434E559C6 |
> |1 | 0 | 08:33:40   | 107.173.70.102 | us   | 16870 |  0 | 
> 0.3.5.5-alpha | nneoodww9 at mail.com | Historitian  | 1 | 
> 8788B1A28148ABD7C48ADF00791BBE795BC4A282 |
> |1 | 0 | 09:17:47   | 107.173.70.105 | us   |  9292 |  0 | 
> 0.3.5.5-alpha | ultimost_gmail_at | Bailarumba   | 1 | 
> AA088A35AFC64BE27806EB4CEB8DA059F157EBD9 |
> |1 | 0 | 09:21:48   | 198.46.182.211 | us   | 13873 |  0 | 
> 0.3.5.5-alpha | > auglls...@gmail.com >  | 
> lighTOR  | 1 | 878874CD42DE8695A0C02B6A5385E18638C0F95A |
> |1 | 0 | 09:55:11   | 198.46.182.191 | us   | 14037 |  0 | 
> 0.3.5.5-alpha | elistranoob AT gmail dot. | ChOue| 1 | 
> AA08CE96617B2D3B6F4753805B6C8244E07A40E9 |
> |1 | 0 | 10:01:14   | 107.173.70.107 | us   | 11389 |  0 | 
> 0.3.5.5-alpha | to_me_baby at yahoo.com   | bagarabild   | 1 | 
> 8788AAB8C1E28693C30CFC4159EE0F313C25D610 |
> |1 | 0 | 15:30:33   | 107.173.70.10  | us   |  9075 |  0 | 
> 0.3.5.5-alpha | > besktr...@gmail.com >  | 
> TorpDay  | 1 | A099DAA630AC76F03FBB6138E2EBA884151E8706 |
> |1 | 0 | 15:34:27   | 23.95.85.215   | us   | 17563 |  0 | 
> 0.3.5.5-alpha | bebe_rexa AT nomail.com   | RepeldeVay   | 1 | 
> FB346238C8FCB515A49F53049D0129BF69EAD7CA |
> |1 | 0 | 15:39:48   | 198.46.182.208 | us   | 15199 |  0 | 
> 0.3.5.5-alpha | > pokersp...@yahoo.com >  | 
> delldivision | 1 | A099ED2475CE64280119ECDE46EA414931014540 |
> |1 | 0 | 15:43:46   | 192.227.155.34 | us   | 14413 |  0 | 
> 0.3.5.5-alpha | justnomail1 AT gmail

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

Re: [tor-relays] AS: "ColoCrossing" - 28 new relays

9 matches

Site Navigation

Mail list logo

Footer information