Bad Relays - Session

  • Introduction

We listed some possible traffic attacks by bad Exits: MITM, Bitcoin address rewriting, .onion rewriting, SSL stripping.

Listed some of our detection methods and the tools being used.
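As an added example for the Exit attack classes and detection approach above (example code written for these notes, not the bad-relays team's scanner): fetch a page once over a trusted path as the baseline, fetch it again through the exit under test, and diff the two for each tampering class. The page bodies, the certificate fingerprints and the `Fetch`/`Finding` types are constructed stand-ins; a real scanner would fill them from the network.

```python
"""Added example, not the bad-relays team's scanner: compare a page fetched over
a trusted path (baseline) with the same page fetched through one exit and report
the tampering classes listed in the session.  Both page bodies and the
certificate fingerprints are constructed stand-ins for real fetches."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Legacy (1.../3...) and bech32 (bc1...) Bitcoin address shapes.
BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,60}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
# v2 (16 chars) and v3 (56 chars) onion service hostnames.
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b")
HTTPS_LINK_RE = re.compile(r"https://[^\s\"'<>]+")


@dataclass
class Fetch:
    body: str
    cert_fingerprint: Optional[str] = None  # SHA-256 of the leaf cert on a TLS fetch


@dataclass
class Finding:
    kind: str
    detail: str


def check_exit(baseline: Fetch, via_exit: Fetch) -> List[Finding]:
    """Return one Finding per tampering indicator present via the exit but not in the baseline."""
    findings: List[Finding] = []

    # MITM indicator: the exit presented a different leaf certificate for the same host.
    if (baseline.cert_fingerprint and via_exit.cert_fingerprint
            and baseline.cert_fingerprint != via_exit.cert_fingerprint):
        findings.append(Finding("mitm", f"{baseline.cert_fingerprint} -> {via_exit.cert_fingerprint}"))

    # Bitcoin address rewriting: an address the origin never served.
    for addr in sorted(set(BTC_RE.findall(via_exit.body)) - set(BTC_RE.findall(baseline.body))):
        findings.append(Finding("bitcoin-rewrite", addr))

    # .onion rewriting: an onion hostname the origin never served.
    for host in sorted(set(ONION_RE.findall(via_exit.body)) - set(ONION_RE.findall(baseline.body))):
        findings.append(Finding("onion-rewrite", host))

    # SSL stripping: an https link that comes back downgraded to http.
    for link in sorted(set(HTTPS_LINK_RE.findall(baseline.body))):
        downgraded = "http://" + link[len("https://"):]
        if link not in via_exit.body and downgraded in via_exit.body:
            findings.append(Finding("sslstrip", link))
    return findings


# Constructed sample page as the origin serves it (addresses are dummies).
BASELINE_PAGE = (
    '<html><body>\n<a href="https://example.com/login">Log in</a>\n'
    "Donate: 1" + "A" * 33 + "\n"
    "Mirror: http://" + "a" * 16 + ".onion/\n</body></html>"
)

# Constructed copy of the same page as a tampering exit would return it.
TAMPERED_PAGE = (
    '<html><body>\n<a href="http://example.com/login">Log in</a>\n'
    "Donate: 1" + "B" * 33 + "\n"
    "Mirror: http://" + "b" * 16 + ".onion/\n</body></html>"
)


def demo() -> List[Finding]:
    """Run the comparison on the constructed pages."""
    good = Fetch(BASELINE_PAGE, cert_fingerprint="sha256:constructed-origin-cert")
    bad = Fetch(TAMPERED_PAGE, cert_fingerprint="sha256:constructed-exit-cert")
    return check_exit(good, bad)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind}: {f.detail}")
```

The baseline must come from a path the exit cannot influence (a direct fetch or a known-good exit), and pages with per-request content need a second baseline fetch to learn which differences are normal before any exit is blamed.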

  • Discussed why the bad-relays git repository and team members are not public.
  • Try to actually graph the bad relays from the public data, using the dirauth votes and the pattern we can notice when a relay gets rejected.
  • State of detection.
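As an added example for the vote-graphing idea above (example code written for these notes, not the team's tooling): reduce each authority's vote to the set of fingerprints it lists and the flags it assigns, then walk consecutive consensus periods and flag the pattern consistent with a rejection. The authority names, fingerprints and the flag sets below are constructed; real votes are full documents and would need a parser in front of this.

```python
"""Added example, not the team's tooling: reduce directory-authority votes to a
per-relay listing matrix and flag the pattern consistent with a rejection.
Real votes are full documents; here each is reduced to {fingerprint: flags}
and all data is constructed."""
from typing import Dict, List, Set

Vote = Dict[str, Set[str]]   # fingerprint -> flags in one authority's vote
Round = Dict[str, Vote]      # authority -> its vote for one consensus period


def vote(*entries) -> Vote:
    """Constructed-data helper: ("FP", "Running Exit") pairs -> vote dict."""
    return {fp: set(flags.split()) for fp, flags in entries}


def listing_matrix(rnd: Round) -> Dict[str, Set[str]]:
    """Which authorities list each fingerprint in one round."""
    matrix: Dict[str, Set[str]] = {}
    for auth, v in rnd.items():
        for fp in v:
            matrix.setdefault(fp, set()).add(auth)
    return matrix


def badexit_voters(rnd: Round) -> Dict[str, Set[str]]:
    """Which authorities vote BadExit for each fingerprint."""
    out: Dict[str, Set[str]] = {}
    for auth, v in rnd.items():
        for fp, flags in v.items():
            if "BadExit" in flags:
                out.setdefault(fp, set()).add(auth)
    return out


def rejection_events(rounds: List[Round]) -> List[dict]:
    """Walk consecutive rounds (same authority set assumed) and report:
    badexit      at least one authority votes BadExit
    rejected-by  listed by every authority last round, now missing from some
                 but not all votes; a relay that merely went offline drops out
                 of every vote together, so a partial drop means it is still
                 alive and those authorities stopped accepting it (heuristic)
    gone         a previously partially dropped relay left all votes
    """
    events: List[dict] = []
    prev: Dict[str, Set[str]] = {}
    partial: Set[str] = set()
    for idx, rnd in enumerate(rounds):
        auths = set(rnd)
        listed = listing_matrix(rnd)
        for fp, voters in badexit_voters(rnd).items():
            events.append({"round": idx, "fp": fp, "event": "badexit", "authorities": sorted(voters)})
        for fp, now in listed.items():
            if prev.get(fp) == auths and now != auths:
                events.append({"round": idx, "fp": fp, "event": "rejected-by", "authorities": sorted(auths - now)})
                partial.add(fp)
        for fp in sorted(partial - set(listed)):
            events.append({"round": idx, "fp": fp, "event": "gone", "authorities": []})
            partial.discard(fp)
        prev = listed
    return events


# Constructed rounds: REL-BAD is dropped by two of three authorities and then
# vanishes; REL-EXIT collects BadExit votes; REL-NEW is a newcomer that must not
# be confused with a partial drop.
FULL = vote(("REL-GOOD", "Running Valid"), ("REL-BAD", "Running Exit"), ("REL-EXIT", "Running Exit"))
ROUNDS: List[Round] = [
    {"auth1": FULL, "auth2": FULL, "auth3": FULL},
    {"auth1": vote(("REL-GOOD", "Running Valid"), ("REL-BAD", "Running Exit"),
                   ("REL-EXIT", "Running Exit BadExit"), ("REL-NEW", "Running")),
     "auth2": vote(("REL-GOOD", "Running Valid"), ("REL-EXIT", "Running Exit")),
     "auth3": vote(("REL-GOOD", "Running Valid"), ("REL-EXIT", "Running Exit"))},
    {"auth1": vote(("REL-GOOD", "Running Valid"), ("REL-EXIT", "Running Exit BadExit"), ("REL-NEW", "Running")),
     "auth2": vote(("REL-GOOD", "Running Valid"), ("REL-EXIT", "Running Exit BadExit"), ("REL-NEW", "Running")),
     "auth3": vote(("REL-GOOD", "Running Valid"), ("REL-EXIT", "Running Exit"), ("REL-NEW", "Running"))},
]

if __name__ == "__main__":
    for e in rejection_events(ROUNDS):
        print(e)
```

Fed with archived votes, the event list is what a graph of "rejections over time" would be drawn from; the partial-drop heuristic needs a few rounds of confirmation in practice, since one authority missing a descriptor for one period is ordinary propagation noise.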

One person is running almost all detections, so how do we improve that?

Is it OK to run detection on TPO infrastructure, basically making TPO responsible for the "health" of the network?

Uncertain... maybe we need some "bad relays authority" that we trust: detections are run by trusted people and we use their data with more trust.

There seems to be a consensus that trusted individuals, rather than TPO, should run bad relay detection, thus becoming an "authority".

  • Formalize attribution of good relays.

Using MyFamily and ContactInfo; maybe a marker for that at the authority level?

The set of candidate bad relays gets smaller. However, we should still scan the attributed relays; they do not get a free pass.

  • Improve detection

Using better tools like Selenium driving a real Tor Browser.

Detect open services that expose traffic information, like ntop.

Collect *good* relay characteristics and detect any relay coming in with similar ones (Nickname, OR/DirPort, Version, etc.)?
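As an added example serving both the attribution idea (MyFamily and ContactInfo) and the lookalike-detection idea above (example code written for these notes, not the team's tooling): attribute relays to known operators only through MyFamily edges declared on both sides plus a curated ContactInfo list, then score every other relay against the good ones and flag the newcomers that mirror a good relay's nickname, ports and version. The relay records, the trusted-contact list and the scoring weights are constructed assumptions.

```python
"""Added example serving two session ideas: attribute relays to known operators
via mutual MyFamily plus ContactInfo, and flag newcomers that mirror a good
relay's characteristics.  Not the team's tooling; relay records, the trusted
contact list and the scoring weights are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Relay:
    fp: str
    nickname: str
    or_port: int
    dir_port: int
    version: str
    contact: str
    family: FrozenSet[str]   # fingerprints declared in MyFamily


def mutual_families(relays: Dict[str, Relay]) -> List[Set[str]]:
    """Family groups built only from edges declared on BOTH sides, which is how
    tor itself treats MyFamily.  A one-sided claim to belong to a good family is
    exactly what a bad relay would make, so it must not count."""
    adj: Dict[str, Set[str]] = {fp: set() for fp in relays}
    for fp, r in relays.items():
        for other in r.family:
            if other in relays and fp in relays[other].family:
                adj[fp].add(other)
    seen: Set[str] = set()
    groups: List[Set[str]] = []
    for start in relays:
        if start in seen or not adj[start]:
            continue
        group, stack = set(), [start]
        while stack:            # plain DFS over the mutual edges
            fp = stack.pop()
            if fp in group:
                continue
            group.add(fp)
            stack.extend(adj[fp] - group)
        seen |= group
        groups.append(group)
    return groups


def attribute(relays: Dict[str, Relay], trusted_contacts: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Attributed = trusted ContactInfo (an assumed curated list, since
    ContactInfo is unauthenticated), extended across mutual families.
    Returns (attributed, unattributed)."""
    attributed = {fp for fp, r in relays.items() if r.contact in trusted_contacts}
    for group in mutual_families(relays):
        if group & attributed:
            attributed |= group
    return attributed, set(relays) - attributed


def lookalikes(relays: Dict[str, Relay], good: Set[str], threshold: int = 3) -> List[dict]:
    """Score every non-good relay against each good relay: same nickname
    (case-insensitive) counts 2, same OR/DirPort pair 1, same version 1, same
    non-empty ContactInfo 1.  Weights and threshold are assumptions."""
    flagged = []
    for fp in sorted(set(relays) - good):
        r = relays[fp]
        best = (0, None)
        for g in sorted(good):
            t = relays[g]
            score = (2 * (r.nickname.lower() == t.nickname.lower())
                     + ((r.or_port, r.dir_port) == (t.or_port, t.dir_port))
                     + (r.version == t.version)
                     + (bool(r.contact) and r.contact == t.contact))
            if score > best[0]:
                best = (score, g)
        if best[0] >= threshold:
            flagged.append({"fp": fp, "mimics": best[1], "score": best[0]})
    return flagged


def scan_order(relays: Dict[str, Relay], attributed: Set[str]) -> List[str]:
    """Everything still gets scanned; unattributed relays just go first."""
    return sorted(relays, key=lambda fp: (fp in attributed, fp))


# Constructed relay records (fingerprints and contacts are dummies).
RELAYS: Dict[str, Relay] = {r.fp: r for r in [
    Relay("AAAA", "GoodRelay",  9001, 9030, "0.2.9.10",   "ops@example.org", frozenset({"BBBB"})),
    Relay("BBBB", "GoodRelay2", 9001, 9030, "0.2.9.10",   "",                frozenset({"AAAA"})),
    Relay("CCCC", "Lonely",     9100, 9130, "0.3.0.4-rc", "",                frozenset({"AAAA"})),  # one-sided claim
    Relay("DDDD", "goodrelay",  9001, 9030, "0.2.9.10",   "",                frozenset()),          # mirrors AAAA
    Relay("EEEE", "Other",      443,  80,   "0.2.9.10",   "",                frozenset()),
    Relay("FFFF", "GoodRelay3", 443,  80,   "0.3.0.4-rc", "ops@example.org", frozenset()),
]}
TRUSTED_CONTACTS = {"ops@example.org"}   # constructed curated list

if __name__ == "__main__":
    att, unatt = attribute(RELAYS, TRUSTED_CONTACTS)
    print("attributed:", sorted(att), "unattributed:", sorted(unatt))
    print("lookalikes:", lookalikes(RELAYS, att))
    print("scan order:", scan_order(RELAYS, att))
```

Two points the sample data makes: CCCC's one-sided MyFamily claim buys it nothing, and DDDD is flagged for copying AAAA's nickname, ports and version even though nothing in a descriptor stops it from doing so. Version alone is never enough to flag, since most of the network runs the same few releases.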

  • Finding bad Guards is difficult. We need more ideas/research.
  • Do a blog post about "Bad Relays Report 2017". Also do a call for help; incentivize new volunteers with swag.
  • Gamify the good relays with "achievements".
Last modified on Mar 27, 2017, 12:06:22 PM