Spoiled Onions: Exposing Malicious Tor Exit Relays

Spoiled Onions: Exposing Malicious Tor Exit Relays 65

Posted by timothy on Sunday January 26, 2014 @03:32AM from the just-tell-me-I'll-pass-on-the-message dept.

An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. Wed discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild."

Spoiled Onions: Exposing Malicious Tor Exit Relays

This discussion has been archived. No new comments can be posted.

Search 65 Comments Log In/Create an Account

Comments Filter:

Re:Not entirely a dupe (Score:5, Interesting)

by mSparks43 ( 757109 ) writes: on Sunday January 26, 2014 @04:56AM (#46071519) Journal

"New information" being this isn't 25 of 1,000 nodes.
its 25 of some unknown number of nodes, of which 1,000 are active at any one time.
And as I tried to point out last tiime (and am greatful for the opportunity to reiterate)
exit nodes only account for 100Mbps of tors 3Gbps average traffic (most of the traffic being to hidden services which never go near an exit node)
So if anything this is testament to the security of tor.network.
I guess much of the fear comes from the silkroad take down, but that was foiled by the good old postal service and human error, not the technology itself.

Comment removed (Score:5, Interesting)

by account_deleted ( 4530225 ) writes: on Sunday January 26, 2014 @05:23AM (#46071577)

Comment removed based on user account deletion

Re:Surprised (Score:5, Interesting)

by AmiMoJo ( 196126 ) * writes: on Sunday January 26, 2014 @07:11AM (#46071777) Homepage Journal

How is that any different from running a free wifi service? Note that most of the illegal material is on Tor hidden services so would never leave your exit node at all, and all censorship on your connection remains in place for everyone using it.

Re:If all it takes is one... (Score:1, Interesting)

by anti-todo ( 3513619 ) writes: on Sunday January 26, 2014 @07:58AM (#46071895)

Sounds like a good reason to tunnel your traffic through a vpn on top of tor, no?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Spoiled Onions: Exposing Malicious Tor Exit Relays 65

Spoiled Onions: Exposing Malicious Tor Exit Relays More Login

Spoiled Onions: Exposing Malicious Tor Exit Relays

Re:Not entirely a dupe (Score:5, Interesting)

Comment removed (Score:5, Interesting)

Re:Surprised (Score:5, Interesting)

Re:If all it takes is one... (Score:1, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot