public inbox for bitcoindev@googlegroups.com
From: Gregory Maxwell <gmaxwell@gmail•com>
To: Jeremy <jlrubin@mit•edu>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>, alex@stamos•org
Subject: Re: [Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic
Date: Sun, 27 Jul 2014 19:29:52 -0700
Message-ID: <CAAS2fgRg2CBphTweeFh7r==ej_UqjGtFUwVKuRejFOaE_aVyFA@mail.gmail.com>
In-Reply-To: <CAD5xwhhKKooGBfSY3nZzMmS=3WD=EdX9FQ7mZtQL3fkikuwyLg@mail.gmail.com>

On Sun, Jul 27, 2014 at 7:12 PM, Jeremy <jlrubin@mit•edu> wrote:
> Hey,
>
> There is a potential network exploit going on. In the last three days, a
> node (unnamed) came online and is now processing the most traffic out of any
> tor node -- and it is mostly plaintext Bitcoin traffic.
>
> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124
>
> Alex Stamos (cc'ed) and I have been discussing on twitter what this could
> mean, wanted to raise it to the attention of this group for discussion.
>
> What we know so far:
>
> - Only port 8333 is open
> - The node has been up for 3 days, and is doing a lot of bandwidth, mostly
> plaintext Bitcoin traffic

How do you know what traffic it's actually doing?

> - This is probably pretty expensive to run? Alex suggests that the most
> expensive server at the company hosting is 299€/mo with 50TB of traffic

I'm confused as to how it's doing anything at all, as it doesn't have
the exit flag. (IIRC, Tor directories won't give you the exit flag
unless you exit 80/443 to a pretty substantial chunk of IPv4 space).
Because of this no normal tor node should be selecting it as an exit.

Could this just be lying about its traffic levels?
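
Added example, not part of the original message and not Tor's own code: one way to check the point raised above from directory data, by reading relay entries in the network-status consensus layout (`r`/`s`/`w`/`p` lines) and listing relays that report a large bandwidth value, lack the Exit flag, and accept only port 8333. The sample entries, the threshold and the function names are constructed for illustration.

```python
# Constructed sample in the consensus entry layout:
#   r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
#   s <flags>   w Bandwidth=<n>   p <accept|reject> <port list>
# Identities, digests, addresses and bandwidth values are made up.
SAMPLE_CONSENSUS = """\
r Unnamed AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-07-27 12:00:00 192.0.2.10 9001 0
s Fast Running Valid
w Bandwidth=90000
p accept 8333
r ExampleExit CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-07-27 12:00:00 198.51.100.7 443 80
s Exit Fast Running Stable Valid
w Bandwidth=40000
p accept 80,443,8333
r SmallRelay EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-07-27 12:00:00 203.0.113.5 9001 9030
s Fast Running Valid
w Bandwidth=50
p reject 1-65535
"""


def parse_relays(text):
    """Return one dict per relay entry found in consensus-style text."""
    relays, cur = [], None
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            fields = rest.split()
            cur = {"nickname": fields[0], "address": fields[5],
                   "flags": set(), "bandwidth": 0, "policy": None}
            relays.append(cur)
        elif cur is None:
            continue  # skip anything before the first relay entry
        elif kind == "s":
            cur["flags"] = set(rest.split())
        elif kind == "w":
            for item in rest.split():
                key, _, value = item.partition("=")
                if key == "Bandwidth":
                    cur["bandwidth"] = int(value)
        elif kind == "p":
            action, _, ports = rest.partition(" ")
            cur["policy"] = (action, ports.split(","))
    return relays


def odd_exit_candidates(relays, min_bandwidth=10000, port="8333"):
    """Nicknames of relays with high bandwidth, no Exit flag, one accepted port."""
    return [r["nickname"] for r in relays
            if "Exit" not in r["flags"]
            and r["bandwidth"] >= min_bandwidth
            and r["policy"] == ("accept", [port])]
```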