On 09/05/2013 02:08 AM, Gordon Morehouse wrote: > mirimir: > [snip] >> Perhaps these 1.8e+6 (standard stats) to 4.0e+6 (beta stats) new >> Tor clients members of a botnet designed, at least in part, to >> securely and redundantly host hidden services. The demise of >> Freedom Hosting may have stimulated some creative thinking. > > As Asa mentioned earlier[1], there's no corresponding traffic on > social media. This is something people (like me) would get yelly > about on Twitter and such.
I wonder if grarpamp has seen a bunch of new hidden services. >> Also, if this were a botnet, I would expect it to show up in >> honeypots. Wouldn't its bots be easily detected, through searching >> for Tor connections? Having the vector might be very informative. > > Tor connections are easy to find without searching, no? I'm not sure. They might be more-or-less obfuscated. > If the botnet's purpose is to damage Tor, it may be less likely to be > caught with honey, so to speak. If this is a feature rollout using > Tor for C&C to an existing or rapidly-growing botnet, I'd expect to > hear about it soon from security researchers. That depends. If it's drawing on random clueless Windows users, as most botnets do, I don't see why it wouldn't show up in honeypots. If it's not showing up, it might be a feature rollout. Or it might not really be a physical botnet, but rather something very cleaver that looks like one. > I have a bad feeling that this is aimed at Tor itself, given other > recent developments e.g. in the NSA scandal, plus less recent > developments in nationalist "cyberwarfare." Just a hunch, though. I'm reminded of the point where the Aleph goes online in _Mona Lisa Overdrive_ ;) > [1] > https://lists.torproject.org/pipermail/tor-talk/2013-September/029841.html > > Best, > -Gordon M. > -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
