Delivery-Date: Sun, 09 Nov 2014 16:50:23 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 806A31E009A;
	Sun,  9 Nov 2014 16:50:21 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8B7F831070;
	Sun,  9 Nov 2014 21:50:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 4C742284A8
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 21:50:13 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eL_9RqqqdVh0 for <tor-talk@lists.torproject.org>;
 Sun,  9 Nov 2014 21:50:13 +0000 (UTC)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com
 [IPv6:2a00:1450:4010:c03::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id DC86E28491
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 21:50:12 +0000 (UTC)
Received: by mail-la0-f46.google.com with SMTP id gm9so6638452lab.5
 for <tor-talk@lists.torproject.org>; Sun, 09 Nov 2014 13:50:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=ZV+4q/nZI/LsvdMVdO4qYGuc2oSleSv+JWOt1fAKPFo=;
 b=Gq3QjMdnUe6ZNBvagtoTq2BMyBxG3AKz3sYQz4QR+CnlPUZOfSk96VpKq05/AlDqex
 qeenjk6osiJmvbh89Pac+ic8qh4kKi3raPw3LvLj9kWQ2BYFocHxLb5ZAxqEGNqAOIOd
 grF00ZOGGvjd4om6H9dIhno0baiDjdvVtQ0cz8ahYBukkpECyU/uucHAYYLVzqTm1Mmi
 IGDl0X1Vn5AyU8R8oH1pPkJ6zb0/krUUXG10npb1PpaHorlrBuCJHH86Sg2RafRc/1nm
 TuMPq6lFNUdwXHjhmHuaClieV+Z4tl1TMpbZJlOmquoqQkEJ/LNogOInQjFCx9+ROlI5
 6oEA==
MIME-Version: 1.0
X-Received: by 10.112.11.133 with SMTP id q5mr4876994lbb.77.1415569809504;
 Sun, 09 Nov 2014 13:50:09 -0800 (PST)
Received: by 10.112.156.225 with HTTP; Sun, 9 Nov 2014 13:50:09 -0800 (PST)
In-Reply-To: <CAD2Ti2-8muM890pEKRKtE9ffh-vRvcJrgfmG++XF4bdcMZLW+g@mail.gmail.com>
References: <CAJVRA1Qc_oDPMyiTKKETqqRrWkTK3j8qwi37ELhOk2xVTyvxqg@mail.gmail.com>
 <CAJVRA1SGKkYQ-hk2RiciMAVvG-UR8nX2okmgvb7tD6nyyN9_ZQ@mail.gmail.com>
 <CAJVRA1Smof5HKJAPCEg-CKTErnM8g0BJDTiyv6TpR0B4Mpv_0g@mail.gmail.com>
 <20141109160835.GC26807@dysnomia.persephoneslair.org>
 <CAD2Ti2-8muM890pEKRKtE9ffh-vRvcJrgfmG++XF4bdcMZLW+g@mail.gmail.com>
Date: Sun, 9 Nov 2014 13:50:09 -0800
Message-ID: <CAJVRA1SHXOfmuFx56t0wEM4e-F8-ev9qoSBPc9F22D6wn1pneg@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Cc: cypherpunks@cpunks.org
Subject: Re: [tor-talk] insufficient hidden service performance is potential
 de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 11/9/14, grarpamp <grarpamp@gmail.com> wrote:
> ...
> HS operators banding together to compare the above logs is one
> of them. You could conceivably throw the logs/pcaps from many
> relays and onions into a splunk.onion instance and try to mine some
> knowledge out of them that way. Tor is a jointly owned wide area
> infrastructure... seems time to apply the traditional net/sec tools
> to it and see what's up on your own network.


if you'd like to help test, the existing PyLoris implementation does
not handle hidden services well, instead uses host DNS to lookup and
then connect to IP address.

i have modified a Tor HS PyLoris and updated the HS 100 connections
ticket with a copy:
  https://trac.torproject.org/projects/tor/ticket/8902#comment:7


best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

