Abnormally Large Tor node accepting only Bitcoin traffic



Summary:

On July 27, 2014, Jeremy emailed a group to report that a potential network exploit was in progress. A node that had come online within the previous three days was now processing more traffic than any other Tor node, most of it plaintext Bitcoin traffic. The node is not named and is identified on TorStatus only by its fingerprint. Only port 8333 is open. Alex Stamos was also included in the email; he and Jeremy had been discussing on Twitter what this could mean, and the matter was brought to the email group for discussion.

The group discussed how anyone knew what traffic the node was carrying and whether the node could be lying about its traffic levels. They also found it confusing that the node was carrying any traffic at all, since it did not have the Exit flag. Tor directories will not give a node the Exit flag unless it exits on ports 80/443 to a substantial chunk of IPv4 space, so no normal Tor node should be selecting it as an exit.

Additionally, they considered the cost of running such a node, with Alex suggesting that the most expensive server at the company hosting the node costs €299/month with 50TB of traffic.
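The Exit flag point above can be checked mechanically against a relay's published exit policy. The following is an added example, not code from the thread or from Tor: it evaluates a first-match IPv4 exit policy and tests whether ports 80 and 443 are each reachable for at least one /8 worth of addresses, a threshold assumed here to stand in for "a substantial chunk of IPv4 space". The function names and sample policies are constructed for illustration.

```python
import ipaddress

SLASH8 = 2 ** 24  # assumed threshold: one /8 worth of IPv4 addresses

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' into (accept, net, lo, hi)."""
    action, target = line.split()
    addr, port = target.rsplit(":", 1)
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action == "accept", net, lo, hi

def accepted_addresses(policy, port):
    """Count IPv4 addresses a first-match policy accepts on `port`."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]  # space no rule has matched yet
    accepted = 0
    for accept, net, lo, hi in map(parse_rule, policy):
        if not lo <= port <= hi:
            continue
        unmatched = []
        for r in remaining:
            if not r.overlaps(net):
                unmatched.append(r)
            elif net.subnet_of(r):   # rule carves a piece out of r
                accepted += net.num_addresses if accept else 0
                unmatched.extend(r.address_exclude(net))
            else:                    # r lies wholly inside the rule's network
                accepted += r.num_addresses if accept else 0
        remaining = unmatched
    # Space matched by no rule is left uncounted; the samples end in a catch-all.
    return accepted

def qualifies_for_exit_flag(policy):
    """True if both 80 and 443 are accepted for at least SLASH8 addresses."""
    return all(accepted_addresses(policy, p) >= SLASH8 for p in (80, 443))

# Constructed sample policies, not taken from any real relay descriptor.
BITCOIN_ONLY = ["accept *:8333", "reject *:*"]
WEB_EXIT = ["reject 10.0.0.0/8:*", "reject 192.168.0.0/16:*",
            "accept *:80", "accept *:443", "reject *:*"]
TINY_WEB = ["accept 198.51.100.0/24:80-443", "reject *:*"]

if __name__ == "__main__":
    for name, pol in [("8333-only", BITCOIN_ONLY), ("web exit", WEB_EXIT),
                      ("one /24", TINY_WEB)]:
        print(name, qualifies_for_exit_flag(pol))
```

A policy like the 8333-only one accepts every address on port 8333 yet nothing on 80 or 443, which is why the group expected such a node not to be chosen as an exit by normal clients.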


Updated on: 2023-05-19T19:11:46.890625+00:00