Developers of the Tor Anonymous Network about conducting a large purge of nodes that use outdated software, which is no longer supported. On October 8, about 800 outdated nodes operating in relay mode were blocked (there are more than 6000 such nodes in the Tor network in total). The blocking was done by placing a black list of problem nodes on the directory servers. Exclusion from the network of non-updated bridge nodes (bridge) is expected at a later date.
The next stable release of Tor, scheduled for November, will have an option to reject connections to hosts by default.
running releases of Tor that have reached their maintenance time limit. Such a change will allow in the future, as support for the next branches is terminated, to automatically exclude nodes from the network that have not switched to the current software in time. For example, at present, there are even nodes in the Tor network with Tor 0.2.4.x, which was released in 2013, despite the fact that until now LTS branches 0.2.9.
Legacy system operators have been notified of the planned lockdown in through mailing lists and sending individual alerts to the contact addresses specified in the ContactInfo field. After the warning, the number of non-upgraded nodes decreased from 1276 to about 800. According to preliminary estimates, about 12% of traffic currently passes through legacy nodes, most of which is related to backhaul - the share of traffic of non-upgraded exit nodes is only 1.68% (62 nodes). It is predicted that the removal of non-upgraded nodes from the network will slightly affect the size of the network and lead to a slight drop in indicators by , reflecting the state of the anonymous network.
The presence of nodes with outdated software on the network negatively affects stability and creates additional security risks. If an administrator does not keep Tor up to date, then it is likely that he is negligent in updating the system and other server applications, which increases the risk of taking control of the node as a result of targeted attacks.
In addition, hosts with releases that are no longer supported prevent important bugs from being fixed, prevent the spread of new protocol features, and reduce network efficiency. For example, non-updated nodes, in which in the HSv3 handler, increase the latency of user traffic passing through them, and increase the overall network load due to clients sending repeated requests after failures in processing HSv3 connections.
Source: opennet.ru