On 11/12/2015 03:12 AM, coderman wrote:
On 11/12/15, Mirimir <mirimir@riseup.net> wrote:
... Yes, it was subtle. But it was also, as I understand it, pointless except as an attack. And it was new behavior, right?
you would not believe the kinds of fucked up clients and relays that participate in the Tor network! even the friendly implementations in Java or Rust have at times failed in ways that look like an attack.
i don't think people appreciate the scale, complexity, and novelty of activity in the Tor ecosystem.
I'm sure that I don't. But maybe it would be better to consider odd behavior as attacks until confirmed as friendly bugs. <SNIP>
how would you have spotted it?
I'm not technical enough to answer that. But generally, I think that they ought to put more effort into monitoring. Especially for new relays. Look for anything unusual.
this is indeed a challenge!
not just for circuit behavior in general, but also bad exit checking (which is usually bad upstream) and suspicious cliques of relays.
proposals and patches welcome :)
Maybe the Tor network needs an IDS ;)
best regards,