Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

Am So., 5. Juli 2020 um 18:36 Uhr schrieb nusenu : > Hi, > > I'm currently writing a follow-up blog post to [1] about a large scale > malicious tor exit relay operator > that did run more than 23% of the Tor network's exit capacity (May 2020) > before (some) of it got reported to the bad-relays te

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

nusenu wrote: > > Pascal Terjan: > > I am not convinced it would help large scale attacks. > > Running 50 relays is not much and it each was providing 0.49% of > > capacity that would give them 24.5%... > > I would expect that an attacker would create more relays than that and > > unless there is

[tor-relays] Work with ISPs

Hi list, With the recent warning by nusenu about the malicious relays and the proposal to work around the issue , ive been wondering: Did anyone ever try to convince some isp to put a low-cap tor relay on the router of their 'unlimited bandwidth' clients? Or has there been any discussion on that

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

On Sun, Jul 05, 2020 at 06:35:32PM +0200, nusenu wrote: > To prevent this from happening over and over again > I'm proposing two simple but to some extend effective relay requirements > to make malicious relay operations more expensive, time consuming, > less sustainable and more risky for such ac

Re: [tor-relays] Authority Nodes

LOL this requirement: - Should be run by somebody that Tor (i.e. Roger) knows. One thing that I think would help Tor a lot and have seen some discussions on, would be a better 'trustworthy' way to measure bandwidth. I know it's measured a couple of different ways now, with 'observed' bandwidth a

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

Scott Bennett: > Your proposed method of delaying the problem would impose a labor burden > on the tor project as well If we assume that malicious relay activity is impacted I'd assume that the time saved using the proposal might as well outweight the time spend on bad-relays@ After implementa

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

Charly Ghislain: > I have nothing against this proposal although im not sure it would be that > much efficient. > Especially, how does it make relay operations 'less sustainable' or 'more > risky'? I assume you mean "make _malicious_ relay operations 'less sustainable' ..". It would be less sus

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

> I've written up what I think would be a useful building block: > https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001 thanks, I'll reply here since I (and probably others) can not reply there. > Three highlights from that ticket that tie into this thread: > > (A) Limiting each