[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Information at exit node.



On Tue, Apr 21, 2009 at 03:29:22AM -0500, Scott Bennett wrote:
>      On Tue, 21 Apr 2009 09:30:08 +0200 Brent Clark <brentgclarklist@xxxxxxxxx>
> wrote:
> >Still kinda new to Tor, so my questions is, what information can exactly 
> >be gathered by an exit node?
> >
> >If someone can help me understand, if would be appreciated.
> >
>      For starters, the exit node has to have the IP address and port number
> to which the stream wants a connection.  After that, the exit node sees all
> data passing in either direction as part of the stream.  If those data happen
> to be unencrypted, then anything embedded in the data can be collected.  This
> latter is why the various recommended tor-related plug-ins for browsers have
> been made available.  Each one performs many tasks, including attempts to
> disable anything embedded in HTML, JavaScript, Java, etc. from being able to
> report originating IP address information or other identifying inforemation
> anywhere.

To extend this last point, it is not just what the exit node can see,
but what it can do. Encrypted traffic is also typically
integrity-protected in various ways. The exit node can insert anything
into the traffic in either direction, and, if the traffic is
unencrypted, probably endetectably. this can give you all sorts of
bogus data, or, as Scott noted, insertions of malicious code---either
to identify you or for other purposes.

-Paul