Tor nodes are quite poorly monitored it seems
Posted Aug 1, 2025 19:25 UTC (Fri) by hcrs (guest, #178641)
Parent article: When free-software communities unite for privacy
1) A bunch of nodes clearly belong to adjacent subnets and are used for en masse attacks similar to Sybil in spirit. Some even honestly (?) write things like "CozyBearDev" (RU gov-associated hackers) in the node family. And they obviously have many quite large IP blocks that only a few entities on the globe could afford.
2) Some nodes are doing outright malicious things, like:
Jul XX XX:XX:XX.000 [warn] Detected possible compression bomb with input size = 18894 and output size = 604704
Jul XX XX:XX:XX.000 [warn] Possible compression bomb; abandoning stream.
Then tor gets plenty of these, but it does not really ban the offending sender or try alternate sources. It seems this kind of activity is not really monitored by the project.
3) Clearly too many nodes on adjacent IPs. Some IP ranges look outright evil.
So tor is quite centralized in terms of relay management, but it seems this brings not much benefit, since overall network management got screwed up over time to the point that it IMO became quite scary to use. At least in normal ways.
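
A log-summary check for the warnings quoted in point 2, as an added example that is not part of the comment above or of the Tor project's code: it parses a tor log for the two messages, computes the expansion ratio of each detection, and lists the hours with repeated detections. The sample log, the function names and the burst threshold are assumptions; only the message text and the 18894/604704 sizes come from the comment.

```python
import re
from collections import Counter

# Message formats copied from the log lines quoted in the comment above.
BOMB_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2}\.\d+ \[warn\] Detected possible "
    r"compression bomb with input size = (?P<inp>\d+) and output size = (?P<out>\d+)"
)
ABANDON_RE = re.compile(r"\[warn\] Possible compression bomb; abandoning stream\.")

# Constructed sample log: invented timestamps; 18894/604704 are the sizes quoted in the comment.
SAMPLE_LOG = """\
Jul 01 10:00:01.000 [notice] Bootstrapped 100% (done): Done
Jul 01 10:05:12.000 [warn] Detected possible compression bomb with input size = 18894 and output size = 604704
Jul 01 10:05:12.000 [warn] Possible compression bomb; abandoning stream.
Jul 01 10:40:30.000 [warn] Detected possible compression bomb with input size = 2000 and output size = 90000
Jul 02 08:00:00.000 [warn] Detected possible compression bomb with input size = 18894 and output size = 604704
Jul 02 08:00:00.000 [warn] Possible compression bomb; abandoning stream.
"""

def parse_events(text):
    """Return one dict per detection, noting whether tor abandoned the stream."""
    events = []
    for line in text.splitlines():
        m = BOMB_RE.match(line)
        if m:
            inp, out = int(m["inp"]), int(m["out"])
            events.append({
                "hour": f'{m["mon"]} {int(m["day"]):02d} {m["hour"]}:00',
                "input": inp, "output": out,
                "ratio": out / inp if inp else float("inf"),
                "abandoned": False,
            })
        elif ABANDON_RE.search(line) and events:
            events[-1]["abandoned"] = True  # abandon message follows its detection
    return events

def summarize(events, burst_threshold=2):
    """Count detections per hour and list hours at or above burst_threshold."""
    per_hour = Counter(e["hour"] for e in events)
    return {
        "total": len(events),
        "not_abandoned": sum(not e["abandoned"] for e in events),
        "max_ratio": max((e["ratio"] for e in events), default=0.0),
        "burst_hours": sorted(h for h, n in per_hour.items() if n >= burst_threshold),
    }

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
```

These two log messages carry no sender identity, so the summary can show how often and how severely the warning fires but not which source triggered it.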