
Re: Analyzing TOR-exitnodes for anomalies



On Thu, Oct 05, 2006 at 09:31:47PM +0800, Deephay wrote:
> Also, the logo "linux-magazine.com what you need, when you
> need it" is an image or just text?

Exactly the same page is at http://www.wdr.tv/.

The content of that page is (gathered with tcpdump):
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame
src="http://searchportal.information.com/?a_id=20223&domainname=wdr.tv">
</frameset>

I don't know what the variable a_id is about - maybe a customer-id? However,
domainname can be set to any arbitrary value.

This seems to be the company behind it: http://oversee.net/

> Maybe it is a DNS poisoning job, maybe some guy runs a local DNS
> server as well as a tor node to make some profit by directing us to
> this bogus linux-magazine? Interesting.

Maybe, that would be an explanation considering how the searchportal-thing is
working.
However, I'm 75% through my second run with no results so far.

Will keep you updated.

> Deephay

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent
millions in that sort of thing for the last few years, and it is time it
should be stopped."
 -- Simon Cameron, U.S. Senator, on the Smithsonian Institute, 1901. 

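A check for the response pattern quoted in the message above, as an added example that is not part of the original post: it flags a page that consists only of a single frame on a foreign host which is handed the requested domain in a query parameter. The function and class names are hypothetical, and the benign comparison page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class FrameCollector(HTMLParser):
    """Collect frame/iframe sources and note whether the page has any text."""

    def __init__(self):
        super().__init__()
        self.frame_srcs, self.has_text = [], False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("frame", "iframe") and src:
            self.frame_srcs.append(src)

    def handle_data(self, data):
        if data.strip():
            self.has_text = True


def _base(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_frameset_redirect(requested_host, html):
    """Return a finding dict if the body is a bare frame wrapper around a
    foreign host that is told which domain was requested, else None."""
    parser = FrameCollector()
    parser.feed(html)
    if parser.has_text or len(parser.frame_srcs) != 1:
        return None  # real content, or not a single-frame wrapper
    src = urlsplit(parser.frame_srcs[0])
    requested, frame_host = _base(requested_host), _base(src.hostname)
    if not frame_host or frame_host == requested or frame_host.endswith("." + requested):
        return None  # frame stays on the requested site
    # Query parameters that echo the requested domain (domainname= in the capture)
    echoed = [k for k, vals in parse_qs(src.query).items()
              if any(_base(v) == requested for v in vals)]
    return {"frame_host": frame_host, "echo_params": echoed} if echoed else None


# Page body as quoted in the message (captured there with tcpdump)
SAMPLE = ('<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">\n'
          '<frame\nsrc="http://searchportal.information.com/?a_id=20223&domainname=wdr.tv">\n'
          '</frameset>')
# Constructed benign page for comparison
BENIGN = '<html><body><p>Hello</p><iframe src="http://www.wdr.tv/player"></iframe></body></html>'
```

Running the same check on responses fetched directly and through each exit node shows whether the wrapper comes from the domain itself or only appears on certain paths.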