On 11/9/14, grarpamp <grarpamp@gmail.com> wrote:
> ... HS operators banding together to compare the above logs is one of them. You could conceivably throw the logs/pcaps from many relays and onions into a splunk.onion instance and try to mine some knowledge out of them that way. Tor is a jointly owned wide area infrastructure... seems time to apply the traditional net/sec tools to it and see what's up on your own network.

if you'd like to help test, the existing PyLoris implementation does not handle hidden services well, and instead uses host DNS to look up and then connect to the IP address. i have modified a Tor HS PyLoris and updated the HS 100 connections ticket with a copy:
https://trac.torproject.org/projects/tor/ticket/8902#comment:7

best regards,