On 7/6/16, Roger Dingledine arma@mit.edu wrote:
> In this case we actually found these relays misbehaving (accessing onion

https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
http://motherboard.vice.com/read/over-100-snooping-tor-nodes-have-been-spyin...
https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Noubir
https://motherboard.vice.com/read/the-booming-and-opaque-business-of-dark-we...
https://motherboard.vice.com/read/dark-web-drug-dealers-are-making-sloppy-mi...

All quite expected and well known ever since the dawn of overlay networks. Same with the Internet.
On Wed, 06 Jul 2016 15:06:00 +0000, grarpamp wrote: ...
> https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html

Is there a way to make tor log connection attempts to any ports on a hidden service address, independent of whether the port actually has a HiddenServicePort?

> All quite expected and well known ever since the dawn of overlay networks. Same with the Internet.

Also, wasn't there a change that made discovery impossible?

Andreas
On 7 Jul 2016, at 15:29, Andreas Krey a.krey@gmx.de wrote:
> On Wed, 06 Jul 2016 15:06:00 +0000, grarpamp wrote: ...
>> https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
>
> Is there a way to make tor log connection attempts to any ports on a hidden service address, independent of whether the port actually has a HiddenServicePort?
>
>> All quite expected and well known ever since the dawn of overlay networks. Same with the Internet.
>
> Also, wasn't there a change that made discovery impossible?

We're working on it, and it's called "next generation hidden services". Until then, relays get banned for this behaviour.

Tim

Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
On Thu, 7 Jul 2016 07:29:04 +0200 Andreas Krey a.krey@gmx.de wrote:
> On Wed, 06 Jul 2016 15:06:00 +0000, grarpamp wrote: ...
>> https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
>
> Is there a way to make tor log connection attempts to any ports on a hidden service address, independent of whether the port actually has a HiddenServicePort?

Not on any reasonable log config as is (I didn't check unreasonable ones like the debug one).

Patch `rend_service_set_connection_addr_port()` in rendservice.c if you want this behavior. Note that it will already log connection attempts to unknown ports by default (to the `LD_REND` domain).

There's also an option (disabled by default) to tear down circuits that attempt to open streams to unknown ports, but that won't stop anyone moderately dedicated, just make things take more time.

> All quite expected and well known ever since the dawn of overlay networks. Same with the Internet.
>
> Also, wasn't there a change that made discovery impossible?

Prop 224 will fix it, but that hasn't been fully implemented yet. Using `stealth` HS auth in the meantime frustrates this.
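Putting the three answers above into a torrc is an added illustration, not configuration from the thread or from the Tor project: a v2 (pre-prop224) onion service with the unmapped-port circuit close, stealth client authorization, and per-domain logging so the info-level `LD_REND` message reaches a file without running the whole daemon at info. Directory, port mappings, client names and log paths are constructed placeholders.

```conf
## torrc fragment for a v2 onion service (constructed for this example;
## directory, ports, client names and log paths are placeholders).

HiddenServiceDir /var/lib/tor/example_hs/
# Only the ports listed here are mapped; a stream to any other port is an
# "unknown port" and is refused by rend_service_set_connection_addr_port().
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 22 127.0.0.1:22

# 0: a stream to an unmapped port also tears down the rendezvous circuit
#    (the circuit-close behaviour mentioned above: it costs a scanner extra
#    round trips per probe but does not prevent scanning).
# 1: only the stream is ended; the circuit stays up.
HiddenServiceAllowUnknownPorts 0

# Stealth client authorization: each named client gets its own descriptor
# and cookie, so a client without one cannot even fetch the descriptor,
# which is what "stealth HS auth frustrates this" refers to. After tor
# starts, HiddenServiceDir/hostname lists one "address cookie # client:
# name" line per client; each client puts it in a HidServAuth line.
HiddenServiceAuthorizeClient stealth alice,bob

# The unmapped-port message is logged at info severity in the "rend"
# logging domain. Rather than raising the whole daemon to info (the
# "unreasonable" config above), raise only that domain:
#   [rend]info  = rend-domain messages at info and above
#   notice      = every other domain at notice and above
Log [rend]info notice file /var/log/tor/rend.log
```

Tor rotates nothing here; point the file at a logrotate-managed path, since the rend domain at info is chatty on a busy service.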
tor-relays@lists.torproject.org