From: nusenu nusenu@openmailbox.org
To: tor-dev@lists.torproject.org
Subject: Re: [tor-dev] Should cloud-hosted relays be rejected?
Date: Tue, 1 Sep 2015 00:58:05 +0200

tordev123@Safe-mail.net wrote:
I don't think banning GCE, AWS and MS Azure is an efficient method to significantly increase the cost of attacks because it is trivial for an attacker to quickly spin up "a large number of disposable machines" at other ISPs as well.
It has other benefits. Those big providers see a huge amount of exit traffic and can potentially do correlation against that.
Agreed. We (people involved in documenting relay operation) should also spend more time promoting dedicated servers. VMs have similar problems, just at a smaller scale.
I disagree on 'huge'. If you worry about i.e. Amazon hosting too much exit bandwidth you have to worry about many other* ASes first, and even then, banning them all completely (exit prob = 0) isn't probably a wise strategy.
*)
+-----------+---------------------------------+
| exit_prob | AS_name                         |
+-----------+---------------------------------+
| 9.261     | OVH SAS                         |
| 7.629     | Avira B.V.                      |
| 6.239     | SOFTplus Entwicklungen GmbH     |
| 5.306     | Hetzner Online AG               |
| 4.013     | UK2 - Ltd                       |
| 3.563     | LeaseWeb B.V.                   |
| 3.316     | Voxility S.R.L.                 |
| 3.171     | Init7 (Switzerland) Ltd.        |
| 2.454     | NFOrce Entertainment BV         |
| 2.232     | CYBERDYNE                       |
| 2.174     | Association TETANEUTRAL.NET     |
| 2.111     | ALISTAR SECURITY SRL            |
| 2.018     | 31173 Services AB               |
| 1.852     | PlusServer AG                   |
| 1.831     | root SA                         |
| 1.713     | ONLINE S.A.S.                   |
| 1.703     | QuadraNet, Inc                  |
| 1.475     | ISPpro Internet KG              |
| 1.441     | Foreningen for digitala fri- oc |
| 1.427     | BlazingFast LLC                 |
| 1.377     | rrbone UG (haftungsbeschraenkt) |
| 1.288     | IP-EEND BV                      |
| 1.249     | WEDOS Internet, a.s.            |
| 1.240     | Abovenet Communications, Inc    |
| 1.181     | The Calyx Institute             |
| 1.169     | myLoc managed IT AG             |
| 1.024     | Digicube sas                    |
| 0.871     | Amazon.com, Inc.                | << Amazon
| 0.817     | Hurricane Electric, Inc.        |
| 0.799     | University of Michigan          |
+-----------+---------------------------------+
onionoo data from 2015-09-01 07:00:00
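
How a per-AS table like the one above can be derived, as an added example that is not part of the original message: it sums the `exit_probability` field of an Onionoo details document per `as_name` and reports where a given AS ranks. The sample relays and AS names are constructed, and scaling the fraction to percent is an assumption about how the table's values were produced.

```python
import json
from collections import defaultdict

# Constructed sample shaped like an Onionoo "details" document. The relays and
# probabilities are invented; only the field names follow Onionoo.
SAMPLE_DETAILS = json.loads("""
{"relays": [
  {"nickname": "a1", "as_name": "Example Hosting A", "exit_probability": 0.050},
  {"nickname": "a2", "as_name": "Example Hosting A", "exit_probability": 0.042},
  {"nickname": "b1", "as_name": "Example Hosting B", "exit_probability": 0.060},
  {"nickname": "c1", "as_name": "Example Cloud C",   "exit_probability": 0.005},
  {"nickname": "c2", "as_name": "Example Cloud C",   "exit_probability": 0.003},
  {"nickname": "g1", "as_name": "Example Hosting A", "exit_probability": 0.0},
  {"nickname": "u1", "exit_probability": 0.010}
]}
""")


def exit_prob_by_as(details):
    """Sum exit_probability per as_name, in percent, largest share first."""
    totals = defaultdict(float)
    for relay in details.get("relays", []):
        prob = relay.get("exit_probability") or 0.0  # field may be absent
        if prob <= 0:
            continue  # relays that carry no exit traffic do not count
        totals[relay.get("as_name", "(unknown AS)")] += prob * 100
    return sorted(((round(p, 3), name) for name, p in totals.items()), reverse=True)


def rank_of(ranking, as_name):
    """1-based position of as_name in the ranking, or None if it has no share."""
    for position, (_, name) in enumerate(ranking, start=1):
        if name == as_name:
            return position
    return None


def share_ranked_above(ranking, as_name):
    """Total exit probability (percent) held by ASes ranked above as_name."""
    position = rank_of(ranking, as_name)
    if position is None:
        return None
    return round(sum(p for p, _ in ranking[:position - 1]), 3)


if __name__ == "__main__":
    ranking = exit_prob_by_as(SAMPLE_DETAILS)
    for prob, name in ranking:
        print(f"{prob:7.3f}  {name}")
```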