public inbox for bitcoindev@googlegroups.com
From: Gregory Maxwell <gmaxwell@gmail•com>
To: "mbde@bitwatch•co" <mbde@bitwatch•co>
Cc: Bitcoin Development <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic
Date: Sun, 27 Jul 2014 20:44:35 -0700	[thread overview]
Message-ID: <CAAS2fgRVUbEM=7KQt-Haue=+sgAFu=HrfDdS0hhatNawci_eZQ@mail.gmail.com> (raw)
In-Reply-To: <53D5BB5F.2060200@bitwatch.co>

On Sun, Jul 27, 2014 at 7:54 PM, mbde@bitwatch•co <mbde@bitwatch•co> wrote:
> These website list Tor nodes by bandwidth:
>
> http://torstatus.blutmagie.de/index.php
> https://torstatus.rueckgr.at/index.php?SR=Bandwidth&SO=Desc
>
> And the details reveal it's a port 8333 only exit node:
> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124

As I pointed out above, it isn't really.  Without the exit flag, I
believe no tor node will select it to exit 8333 unless manually
configured. (Someone following tor more closely than I could correct
me if I'm wrong here.)


> blockchain.info has some records about the related IP going back to the
> end of this May:
>
> https://blockchain.info/ip-address/5.9.93.101?offset=300

dsnrk and mr_burdell on freenode show that the bitnodes crawler showed
it accepting _inbound_ bitcoin connections 2-3 weeks ago, though it
doesn't now.

Fits a pattern of someone running a bitcoin node widely connecting to
everyone it can on IPv4 in order to try to deanonymize people, and
also running a tor exit (and locally intercepting 8333 there), but I
suspect the tor exit part is not actually working, though they're
trying to get it working by accepting huge amounts of relay bandwidth.

I'm trying to manually exit through it so I can see if it's
intercepting the connections, but I seem to not be able.

Some other data from the hosts it's connecting out to proves that it's
lying about what software it's running (I'm hesitant to just say how I
can be sure of that, since doing so just tells someone how to do a
more faithful emulation; so take that for whatever it's worth).


