
>25% of the Tor network’s exit capacity has been attacking Tor users

In August 2020 I reported about “How Malicious Tor Relays are Exploiting Users in 2020 (Part I)”. Back then I made the hypothesis that the entity behind these malicious tor relays is not going to stop its activities…


>23% of the Tor network’s exit capacity has been attacking Tor users

In December 2019 I wrote about The Growing Problem of Malicious Relays on the Tor Network with the motivation to raise awareness and to improve the situation over time. Unfortunately, instead of improving, things have become even worse, specifically when it comes to malicious Tor exit relay activity.

Tor exit…


Since there have been some speculations and questions around why all of a sudden I disappeared from twitter, I figured I’d give you my side of the story.

TLDR: I don’t know why my account got suspended and my appeal was turned down.

Initially I created my twitter account…


Background

I’ve a long standing interest in the state of the Tor network. In 2015 I started OrNetRadar to help detect new relay groups and possible Sybil attacks that could pose a risk to Tor users. In 2017 I was asked to join a closed Tor Project mailing list to help…


“Who controls Tor’s DNS traffic?” revisited

Over a year ago, in April 2018, we looked into Tor’s DNS landscape and confirmed previous observations from 2016 that a significant fraction of tor exit relays make use of public DNS resolvers like Google’s 8.8.8.8.

Now, 15 months later, it’s time to revisit this issue again to find out…


Mapping the RPKI unreachable IP address space.

In the previous post (see that for some more context) we analyzed RPKI INVALID IP address prefixes that are unreachable (no alternative route available) and used the number of prefix-origin pairs as the primary metric, but argued that prefix-origin-pair-counts are not the best metric (many…


Up until not too long ago basically no network operator actually protected herself by implementing route origin validation (ROV) to make BGP hijacking attacks harder.

Implementing ROV means that BGP prefix-origin pairs are validated against route origin authorizations (ROAs) before they are considered. …


Privacy adversaries may use BGP hijacking attacks to gain access to a bigger portion of Tor traffic than they would be able to see otherwise. …


An Analysis of the Tor DNS Landscape.

Unlike other relays, tor exit relays also take care of name resolution for tor clients. Their DNS configuration actually determines where the tor network’s DNS traffic is sent to.

Ever since the tor-dns paper I wanted to take a look at the current state of DNS resolver distributions on the…


A limited number of relay groups can see you enter and exit the Tor network (deanonymization).

TL;DR: If you want to get the list of relevant Tor relays go to the bold URL near the end of this page.

When a Tor client routes traffic through the Tor network he…

nusenu

Tor, Routing Security and DNS Privacy related Topics. https://nusenu.github.io
