On 11/9/14, grarpamp wrote:
> ...
> HS operators banding together to compare the above logs is one
> of them. You could conceivably throw the logs/pcaps from many
> relays and onions into a splunk.onion instance and try to mine some
> knowledge out of them that way. Tor is a jointly owned wide are

On Sun, Nov 9, 2014 at 11:08 AM, Andrea Shepard wrote:
> Yes, and that is what it looks like. The strings 'code', 'old' and 'fail' in
> the URLs seen in nachash's logs were also present as top-level directories on
> his site, and he apparently had a 404 redirect to his index page - so a
> buggy c

On Sun, Nov 09, 2014 at 05:31:47AM -0800, coderman wrote:
> On 11/9/14, coderman wrote:
> > ...
> > your ConstrainedSockets experiments are exactly what i would expect to
> > see if this technique were used, since reducing socket buffers would
> > allow you to have more concurrent connections open

On 11/9/14, coderman wrote:
> ...
> your ConstrainedSockets experiments are exactly what i would expect to
> see if this technique were used, since reducing socket buffers would
> allow you to have more concurrent connections open (and thus thwart a
> DoS at lower limits).

someone asked, "then wh

On 11/9/14, coderman wrote:
> ...
> Andrea's distribution shows this type of behavior, as i would expect it:
> https://people.torproject.org/~andrea/loldoxbin-logs/analysis/length_distribution.txt
> e.g. send small bits to keep connection active and not closed by
> server side client send timeouts

thanks for the transparency, nachash! i am putting this conversation
on tor-talk, since my replies are more noise and less dev, and the
details seem to be around Tor use and configuration.

On 11/8/14, Fears No One wrote:
> ... Another regret is that pcaps weren't taken, but we both made
> the mi