[tor-talk] massive automated bridge requests: why?
Roger Dingledine
arma at mit.edu
Sat Sep 3 01:39:53 PDT 2011
Hi folks,
Over the past few months the number of bridge users has spiked, most
prominently in Italy, but also plenty in Spain, Brazil, Israel, and
others.
https://metrics.torproject.org/users.html#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=it#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=es#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=br#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=il#bridge-users
I believe it started out with a Tor bundle that somebody made that had
three bridges pre-configured -- we found a torrc file along with an
unofficial Windows Tor bundle. At the beginning, those few bridges had
tens of thousands of users each, and that was it.
Since then, we've seen an enormous spike in automated connections to
https://bridges.torproject.org/ -- more than a million requests an hour.
Now just about every bridge that's given out via the https pool (as
opposed to the gmail pool or the reserve pool) is seeing many many
thousands of users from Italy and these other countries.
It seems clear that somebody's unofficial Tor bundle automatically grabs
some bridges for its users, and that this somebody didn't understand
the notion of being polite to a remote service -- I think each user is
hitting the bridges page roughly every 30 seconds.
We've taken steps to defend the bridgedb service from this overload. And
I can imagine further steps, like finally rolling out a captcha on that
page, to block people from using it like a remote API (which I always
thought was kind of a neat option). Or heck, just moving to a different
URL and abandoning that one.
But the question first is: what's going on? Can those of you near or in
these countries please ask around and try to get some answers?
I don't think it's a censoring adversary trying to collect the list of
bridges. For one, it's way overkill; for another, why use the bridges
afterwards?
I don't think it's malware or some automated botnet that happens to
use bridges -- if it were, we should be seeing spikes in well-connected
countries like Japan.
--Roger
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list