On Sun, Apr 26, 2015 at 11:19:08AM +0000, nusenu wrote:
> > On Thu, Apr 23, 2015 at 07:30:57PM +0000, nusenu wrote:
> >>> Almost all of them were younger than one month and they seem
> >>> to have joined the network in small batches. I uploaded
> >>> Onionoo's JSON-formatted relay descriptors, so everybody can
> >>> have a look:
> >>> <http://www.nymity.ch/badexit/bad_descriptors_2015-04-23.zip>
> >>
> >> I compared your list (71 FPs) with my list (55 FPs) from
> >> 2015-04-05 [1], we have an overlap of (only) 30 relays. An
> >> overlap of around ~50 would be better.
> >
> > Yes, I remember your list. Thanks a lot for sharing it, it's
> > really helpful!
> >
> > The relays that are in your, but not in my list indeed look quite
> > similar to the rest. They don't have a BadExit flag because nobody
> > has caught them doing something nasty yet.
>
> So you do not think that they are controlled by the same (malicious)
> entity? (even though some declare their MyFamily accordingly*)

I'm not sure, unfortunately.

> Or is the requirement to flag them as badexit to catch them red handed?

We don't really have any requirements. Every case is different and
judged individually.

> The case that one took over legit relays is unlikely since many are
> rather 'fresh' ones.

Maybe somebody started a Tor relay after breaking into them?

> Or: Are they still on the network so we can see what they are after? ;)
> (rather hard given the amount of potential targets)
>
> Did you (or anyone else?) try to reach out to them via their ISP(s)?

Not yet, but I hope to get to it later today. It's certainly odd that
all these relays were in only a few data centers.

Cheers,
Philipp
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk