[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes
-----BEGIN PGP SIGNED MESSAGE-----
> On Thu, Apr 23, 2015 at 07:30:57PM +0000, nusenu wrote:
>>> Almost all of them were younger than one month and they seem
>>> to have joined the network in small batches. I uploaded
>>> Onionoo's JSON-formatted relay descriptors, so everybody can
>>> have a look:
>> I compared your list (71 FPs) with my list (55 FPs) from
>> 2015-04-05 , we have an overlap of (only) 30 relays. An
>> overlap of around ~50 would be better.
> Yes, I remember your list. Thanks a lot for sharing it, it's
> really helpful!
> The relays that are in your, but not in my list indeed look quite
> similar to the rest. They don't have a BadExit flag because nobody
> has caught them doing something nasty yet.
So you do not think that they are controlled by the same (malicious)
entity? (even though some declare their MyFamily accordingly*)
Or is the requirement to flag them as badexit to catch them red handed?
The case that one took over legit relays is unlikely since many are
rather 'fresh' ones.
Or: Are they still on the network so we can see what they are after? ;)
(rather hard given the amount of potential targets)
Did you (or anyone else?) try to reach out to them via their ISP(s)?
*) Why would a malicious entity start to declare a MyFamily at all?
I guess due to my email from
ml and it does not actually hurt their malicious activities because
the little groups are in the same /16 anyway. (They do not put all
their relays in a family)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
tor-talk mailing list - email@example.com
To unsubscribe or change other settings go to