
Re: Analyzing TOR-exitnodes for anomalies



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I am not adding anything useful, but I wish to add my feeling about this
situation that people are so rapidly responding to a threat so early.

:) Tor will never die if people like you all are on it. (Which reminds
me, I've blathered about writing a DNS proxy patch for Tor so DNS leaks
are a thing of the past, and I bloody better do something serious about
it DANGIT!)

DNS poisoning is of course a bigger problem than Tor; there was
discussion about the 'splitting of the root' some months ago, as it turns
out that DNS servers will give out different addresses depending on the
nation of locality. This is a very serious problem and extends beyond
the domain of the tor network. I have no idea where to point people with
regard to this subject but I hope someone who has a bee in their bonnet
about it will very shortly.

Claude LaFrenière wrote:
> Hi  *Alexander W. Janssen*   :
> 
>> Hi all,
>>
>> Considering that I heard from several people that they have noticed strange
>> side effects for a couple of days - altered webpages, advertisements where no
>> ads should be - I started a little investigation into whether there are any
>> obviously bogus exitnodes in the wild:
>>
>> http://itnomad.wordpress.com/2006/10/04/analyzing-tor-exitnodes-for-anomalies/
>>
>> I welcome you to start your own investigation; if there are really bogus
>> exitnodes we should be aware of those and we should know their node's nickname
>> to put them on a shitlist.
>>
>> This might lead to an escalation in the future when marketeers realize the
>> possibilities of altering traffic.
>>
>> Comments, ideas, pointers to other projects?
>>
>> Alex.
> 
> Hmmm... Bogus exit nodes or bogus DNS servers?
> 
> Is it possible that the strange side effects come, not from the exit nodes
> themselves, but from the DNS server used by these exit nodes?
> 
> A kind of DNS poisoning? (From a local DNS server or remote DNS server...)
> Ref.: http://en.wikipedia.org/wiki/DNS_poisoning
> 
> Our suspicions about "bogus exit nodes" must be based on facts 
> so I suggest to collect information about this issue here.
> 
> What we can do is to report any "strange side effect" including:
> 
> the link to the web site
> the resulting link with the redirection like the ones we're talking about
> the exit node used to access this web site
> 
> 
> :)
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFJLAmGkOzwaes7JsRA508AJ0bN6BhDB86etVVlYPwk5/ae7a7GQCfRqZl
KUW45IG2fHmy59wYA5bbA04=
=usn6
-----END PGP SIGNATURE-----