How to report bad relays

by phw | July 28, 2014

We now have a page which explains how bad relays should be reported to the Tor Project. A bad relay can be malicious, misconfigured, or otherwise broken. Once such a relay is reported, a subset of vigilant Tor developers (currently Roger, Peter, Damian, Karsten, and I) first tries to reproduce the issue. If it's reproducible, we attempt to get in touch with the relay operator and work on the issue together. However, if the relay has no contact information or we cannot reach the operator, we will resort to assigning flags (such as BadExit) to the reported relay which instructs clients to no longer use the relay in the future. In severe cases, we are also able to remove the relay descriptor from the network consensus which effectively makes the relay disappear. To get an idea of what bad behavior was documented in the past, have a look at this (no longer maintained) wiki page or these research papers.

We regularly scan the network for bad relays using exitmap but there are several other great tools such as Snakes on a Tor, torscanner, tortunnel, and DetecTor. We are also dependent on the wider community to help us spot relays which don't act as they should. So if you think that you stumbled upon a bad relay while using Tor, please report it to us by sending an email to bad-relays@lists.torproject.org. To find out which relay is currently being used as your exit relay, please visit our Check service. Just tell us the relay's IP address (Check tells you what your IP address appears to be) and the behavior you observed. Then, we can begin to investigate!

Comments

Please note that the comment area below has been archived.

July 28, 2014

Permalink

I know some evil nodes are DROPping HTTPS request!!(80/tcp allowed, 443/tcp blocked)

But, does this problem happens by ONLY exit nodes?
What about:

You->Node1->Node2(BADGUY)->Node3(Exit)->Target

Node2 is blocking outbound connection?

Node2 in this case can't see what your destination is, and can't modify your traffic (including what destination you ask for) or it will fail the checksum at the edge of the circuit.

So yes, Node2 can do things like refuse to let you extend your circuit to Node3. See e.g. the work on
https://trac.torproject.org/projects/tor/ticket/12131

But that's a different class of attack.

Help is TOR SAFE? :( I have JAVA OFF AND COOKIE SECURED. IS TOR on windows safe? I mailing on mail2tor whit java off....

People see my TOR is bad and not safe!
HELP!! IS TOR SAFE OR NOT SAFE? :( ♥

xxLisaxx

July 28, 2014

Permalink

> To find out which relay is currently being used as your exit relay, please visit our Check service.

This is NOT true.

xxxx.com -> Node1->Ghost->Syrup
check.torproject.org -> Node1->Somma->Testing

If you are using "IsolateDestAddr", both are using DIFFERENT route.

If you are using IsolateDestAddr, we assume you know what you're doing and how to see your circuits. Tor Browser Bundle doesn't set that by default (and I think that's wise).

July 30, 2014

In reply to arma

Permalink

Still, doesn't tor load balance over multiple circuits even without isolation?

July 29, 2014

Permalink

"In severe cases, we are also able to remove the relay descriptor from the network consensus which effectively makes the relay disappear."

So you guys are able to control the TOR network?

I mean if the NSA or some other agency comes to you with a court warrant...the whole TOR network would be shut down...or replaced with the nodes that they control....

If a sufficient number of directory authority operators agree (which is not always the case), then they are able to disable a selected relay. This happens every other day or week when we discover a malicious or broken relay. Also, our directory authority operators as well as their servers are in different jurisdiction which makes political attacks harder.

July 29, 2014

Permalink

Please remove KasperskyTor (or any anti-virus company's node)
It's spying on HTTP, and write about it on their blog.

July 29, 2014

Permalink

Kaspersky (the company) openly runs a number of published Tor nodes. This is not necessarily a bad thing, although I would prefer that businesses sponsor Noisebridge nodes in preference to running their own.

The Kaspersky blog is notable for treating USIC malware just like any other state-sponsored malware, which is valuable to our cause.

Like any successful Russian businessman, Kaspersky (the person) presumably finds it advisable to stay within the party line, for example by calling for the de-anonymization of the entire www. And he does have known ties to the Russian military and to the former KGB, so presumably he is not a natural ally of our most lethal enemy.

If the poster's more serious claim is true, something may soon appear here:

http://blog.kaspersky.com/tor-faq/

Exodus and like-minded entities are currently trying hard to intimidate the Tor userbase. The Tor Project can respond by working closely with experts at CCC, Kaspersky, Citizen Lab, etc., to reverse engineer and publish analyses of any state-sponsored malware found to be attacking fast Tor nodes, the torproject.org network, and personal devices used by Tor node operators and your staffers.

In fact, you can quietly set up honeypots designed to attract state-sponsored attacks, such as hidden services with not-elsewhere-published discussions of advanced steganography. We need to let our enemies know that they are likely to pay a price for unleashing their nastiest techniques against us.

We seem to be locked in a death spiral of mutual recrimination here, since by USIC standards, threatening to run a honeypot probably counts as "intimidation" of the NSA, and thus as "terrorism" [sic]. I beg to differ with any such "legal analysis", since running a honeypot is perfectly legal, and everyone enjoys a natural right of self defense when he comes under direct attack. But we are very obviously not getting a fair hearing in the corridors of power.

Some posters (but not you, I think) seem to advocate that we should conclude there is nothing to be done about NSA. But that's not true. There is much we can do about NSA, especially if we do not limit the scope of considered countermeasures to purely technological measures, but also include political, psychological, and economic strategies.

We have the inestimable advantage that OUR activity is entirely legal; THEY are the lawbreakers, the unauthorized intruders, the porn-passers, the kidnappers, the lethal drone-strikers. Taking the wider view, their problems are much worse and more intractable than ours. To name just two:

1. When the USIC adopted "collect it all", and determined that non-US citizens have no rights whatever, they in effect declared war on the entire world. Other governments have previously declared war on the entire world and they all were in the end decisively eradicated. Such will be the ultimate fate of NSA.

2. The people the USIC fears the most are demonstrably their own employees, who must inevitably feel resentment at the "continuous monitoring" BS. We can employ a little "suasion" of our own here.

We can win the War on US, and everyone will be the better for it.

Best of all, once we resolve the issue of regime change, we can all turn our attention to the issue which really matters: climate change.

This Russian-style pontificator's last irony is that while he abuses this Tor blog to proselytize for his personal climate beliefs, his Russian government heros are not on his own side (in practice).

Now his other bigger irony is actually Tor related.
Russian government is not happy with Tor.

"Putin Sets $110,000 Bounty for Cracking Tor"
http://www.bloomberg.com/news/2014-07-29/putin-sets-110-000-bounty-for-…

July 31, 2014

Permalink

It is possible to identify tor.

You--->NSA1--->NSA2--->NSA3--->Web

NSA owns 3 nodes.
NSA1 and 2 are non-exit nodes.

They are configured like this:
> StrictNodes 1
> ExitNode NSA3
> ExcludeNodes (IP range ALL - NSA nodes - Known Bridge IP)

So NSA nodes send data only to NSA nodes.

July 31, 2014

Permalink

No mainstream operating system is safe. Windows have backdoors for enforcement and government.

No hardware or electronic is safe because enforcement and government add bugs during manufacturing or intercept the electronics during shipping to you.

Some software is not safe because they have backdoor for enforcement and government.

Tor is our only hope and we need more programmers and developers right now!

Please spread the world as this is a cyber war against various enemies that want to put you on a spy grid!

August 01, 2014

Permalink

FRom Iran:
ORBOT Is Dead....
not working on versions 12.xx 13.xx 14.xx
Please help....!!!!