On Wed, 04 Sep 2013 10:36:32 +, Roman Mamedov wrote:
...
> For example if all of these new users are in fact a single botnet, that's now
> connecting to Tor and then sitting dormant waiting for an order to instantly
> DDoS into the ground any hidden service that publishes "undesirable" info...
On Wed, 04 Sep 2013 04:24:04 +, mirimir wrote:
...
>
> Just so it's absolutely clear:
>
> http://www.myimageshare.com/images/2013/09/03/Syria.png
Except that the syrian surge you show here started two weeks
before the global surge, and syria does not show significant
increase starting at 08-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 09/01/2013 12:31 AM, Viking God wrote:
> Most internet related programs can be configured to use Tor, but
> not necessarily in a totally anonymous way. Some programs still
> leak information about your IP, for example when doing DNS
> requests. Bu
On Tue, 3 Sep 2013 22:02:39 +0100
Bernard Tyers - ei8fdb wrote:
> To answer the OP: how can we tell "malicious users" from "valid users". I
> understand your POV, but surely we can't discriminate? Or can we?
For example if all of these new users are in fact a single botnet, that's now
connectin
On 09/04/2013 02:09 AM, Collin Anderson wrote:
> On Tue, Sep 3, 2013 at 9:39 PM, mirimir wrote:
>
>> I wonder what it might mean.
>>
>
> I don't believe much, Syria's increase was relatively marginal and
> potentially related to normal trends of weekly or holiday use. For the most
> party, susp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No it's not new, sadly...
mirimir schrieb:
>On 09/03/2013 08:52 PM, Moritz Bartl wrote:
>
>> On 09/03/2013 10:39 PM, Elrippo wrote:
>>> I have to disagree with you on behalf of SPAM.
>>> I opened Port 25 on one of my exits. In a week I got blackl
On 09/04/2013 02:09 AM, Collin Anderson wrote:
> On Tue, Sep 3, 2013 at 9:39 PM, mirimir wrote:
>
>> I wonder what it might mean.
>>
>
> I don't believe much, Syria's increase was relatively marginal and
> potentially related to normal trends of weekly or holiday use. For the most
> party, susp
There's a material error in my previous post, which I'm correcting.
On 09/04/2013 02:09 AM, Collin Anderson wrote:
> On Tue, Sep 3, 2013 at 9:39 PM, mirimir wrote:
>
>> I wonder what it might mean.
>>
>
> I don't believe much, Syria's increase was relatively marginal and
> potentially related
On Tue, Sep 3, 2013 at 9:39 PM, mirimir wrote:
> I wonder what it might mean.
>
I don't believe much, Syria's increase was relatively marginal and
potentially related to normal trends of weekly or holiday use. For the most
party, suspect countries have increased orders of magnitude in users --
S
What about Tor obfuscated bridges?
Tor has published a blog post on normal bridges automatically probed by
GFW.
Some say that obfuscated bridges are also probed.
https://trac.torproject.org/projects/tor/ticket/8591
>
> And what about Tor over VPN?
>
It will work. But users in China want to avoid
On 09/04/2013 12:20 AM, Collin Anderson wrote:
> On Tue, Sep 3, 2013 at 5:26 AM, Jens Kubieziel wrote:
>
>> How is this image different from the Google Docs you sent earlier? I
>>
>
> Hi Jens,
>
> I suspect my Google Doc was newer data, but I've regenerated the graphs and
> updated the code to
On Tue, Sep 3, 2013 at 5:26 AM, Jens Kubieziel wrote:
> How is this image different from the Google Docs you sent earlier? I
>
Hi Jens,
I suspect my Google Doc was newer data, but I've regenerated the graphs and
updated the code to clarify this question.
http://cda.io/r/tor-direct-users-2013_08
On 13-09-03 03:56 PM, mirimir wrote:
> On 09/03/2013 03:35 PM, adrelanos wrote:
>
>> New hypothesis:
>> This is an attempt to shut down the Tor network once and forever.
>>
>> Might this be an attack on the Tor network with the goal to make it that
>> slow for everyone, that no one will use it any
Am Dienstag, 3. September 2013, 15:35:04 schrieb adrelanos:
> New hypothesis:
> This is an attempt to shut down the Tor network once and forever.
>
> Might this be an attack on the Tor network with the goal to make it that
> slow for everyone, that no one will use it anymore? (DDOS)
The Thing on
>I quickly checked the settings in (Sylpheed) Claws, and didn't find any
>proxy settings. But settings in the original Sylpheed are probably
>different from those in Claws.
>
>May my force be with you!
>/the God of thunder ;-)
It IS the same in Claws as Sylpheed, but I've wriiten to the Claws-Mail
On 09/03/2013 09:39 PM, Moritz Bartl wrote:
> On 09/03/2013 11:13 PM, mirimir wrote:
>>> Seconded. While we try not to restrict anything and have an "everything
>>> goes" policy on most of our relays, port 25 is sadly not a good idea to
>>> keep open.
>> That's sensible. But it's not a new policy
On 09/03/2013 11:13 PM, mirimir wrote:
>> Seconded. While we try not to restrict anything and have an "everything
>> goes" policy on most of our relays, port 25 is sadly not a good idea to
>> keep open.
> That's sensible. But it's not a new policy since mid August 2013, right?
No, that has nothing
mirimir:
> On 09/03/2013 03:35 PM, adrelanos wrote:
>
>> New hypothesis:
>> This is an attempt to shut down the Tor network once and forever.
>>
>> Might this be an attack on the Tor network with the goal to make it that
>> slow for everyone, that no one will use it anymore? (DDOS)
>>
>> Doing thi
On 09/03/2013 08:52 PM, Moritz Bartl wrote:
> On 09/03/2013 10:39 PM, Elrippo wrote:
>> I have to disagree with you on behalf of SPAM.
>> I opened Port 25 on one of my exits. In a week I got blacklisted by Google
>> and some DNSBL's for sending spam.
>> It took me quite a time to erase my IP from
On 3 Sep 2013, at 21:52, Moritz Bartl wrote:
> On 09/03/2013 10:39 PM, Elrippo wrote:
>> I have to disagree with you on behalf of SPAM.
>> I opened Port 25 on one of my exits. In a week I got blacklisted by Google
>> and some DNSBL's for sending spam.
>> It took me quite a time to erase my IP
On 09/03/2013 08:39 PM, Elrippo wrote:
> I have to disagree with you on behalf of SPAM.
>
> I opened Port 25 on one of my exits. In a week I got blacklisted by Google
> and some DNSBL's for sending spam.
> It took me quite a time to erase my IP from these lists...
>
> I can live with port 587 f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/03/2013 02:09 PM, Roger Dingledine wrote:
> Longer term, the right answer is to use the Firefox update mechanism in
> TBB 3.0 to update, in place, only the parts that need updating.
> https://trac.torproject.org/projects/tor/ticket/4234
>
> ...u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I have to disagree with you on behalf of SPAM.
I opened Port 25 on one of my exits. In a week I got blacklisted by Google and
some DNSBL's for sending spam.
It took me quite a time to erase my IP from these lists...
I can live with port 587 for su
On 09/03/2013 10:39 PM, Elrippo wrote:
> I have to disagree with you on behalf of SPAM.
> I opened Port 25 on one of my exits. In a week I got blacklisted by Google
> and some DNSBL's for sending spam.
> It took me quite a time to erase my IP from these lists...
> I can live with port 587 for subm
I saw perhaps a 10% - 20%reduction in speed this weekend. Just my
personal estimate.
I did not use any kind of metering software. No worse then its been in
the past.
If your right, this might have been a test run. But more likely the Tor
network is getting
a lot of PR and people are trying it
On 09/03/2013 03:35 PM, adrelanos wrote:
> New hypothesis:
> This is an attempt to shut down the Tor network once and forever.
>
> Might this be an attack on the Tor network with the goal to make it that
> slow for everyone, that no one will use it anymore? (DDOS)
>
> Doing this using a botnet a
On 09/03/2013 06:34 PM, Roman Mamedov wrote:
> With the influx of "popularity" that Tor now sees, we need a way to figure out
> who/what are all these new "users" and what are they actually doing.
If this is a botnet, it's likely that slaves, for the most part, are
just visiting C&C hidden servic
Hello,
With the influx of "popularity" that Tor now sees, we need a way to figure out
who/what are all these new "users" and what are they actually doing.
Maybe this has been proposed or considered before, but...
Why not make all exit nodes collect e.g. stats about top 10 most actively
requested
03.09.2013 17:35, adrelanos:
> New hypothesis:
> This is an attempt to shut down the Tor network once and forever.
>
> [...]
Beside an existing botnet that now makes use of Tor (rising clients due
to updates) or a new botnet (new infections increase the number of the
clients) that includes Tor th
On Tue, Sep 03, 2013 at 05:17:49PM +0100, Graham Todd wrote:
> Until this year, I was a student at the University of Kent, and you can
> find the at:
>
> http://www.kent.ac.uk
>
> where I know some members of the Computer Science Laboratory were very
> interested in Tor, which was the reason I go
On Mon, Sep 02, 2013 at 03:22:33PM +, adrelanos wrote:
> Roger Dingledine:
> > And we really should raise the guard rotation period. If you
> > do their compromise graphs again with guards rotated every nine months,
> > they look way different."
>
> TBB releases are more frequent than every ni
>Six things I did in August 2013
Roger,
Until this year, I was a student at the University of Kent, and you can
find the at:
http://www.kent.ac.uk
where I know some members of the Computer Science Laboratory were very
interested in Tor, which was the reason I got switched on to the
project.
Th
New hypothesis:
This is an attempt to shut down the Tor network once and forever.
Might this be an attack on the Tor network with the goal to make it that
slow for everyone, that no one will use it anymore? (DDOS)
Doing this using a botnet and only taking up a portion of their
individual botnet m
* Collin Anderson schrieb am 2013-08-30 um 18:36 Uhr:
> worked my way back elsewhere, IRC and Twitter. A few of these prospects
> could be reasonably addressed through the trends of the top fifty
> countries, illustrated here: http://cda.io/r/tor_mystery_2013.png
How is this image different from t
* on the Mon, Sep 02, 2013 at 03:45:53PM -0700, Gordon Morehouse wrote:
>> Are these guys sponsoring any Servers? Kinda rude if they are
>> not.
> Absolutely. I hope they are, but if they were, you'd kinda think
> they'd probably have told somebody. So I'm assuming not.
Did anyone think to a
Six things I did in August 2013:
1) Wrote a security advisory for the "Old Tor Browser Bundles
vulnerable" issue:
https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html
and then posted it to the blog and helped to manage the confusion there
(700+ comments!)
https://blog.torpro
36 matches
Mail list logo
