[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor exit nodes attacking SSH?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor exit nodes attacking SSH?
From: Alexander Nasonov <alnsn@xxxxxxxxx>
Date: Wed, 9 Aug 2017 21:08:30 +0100
Authentication-results: smtp4j.mail.yandex.net; dkim=pass header.i=@yandex.ru
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Aug 2017 16:08:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1502309319; bh=DZyutvCkjtlpJUE7SOgq+n9MvOw0pQfSa2SLd7u7tto=; h=Date:From:To:Subject:Message-ID:References:In-Reply-To; b=jjiHrlKS+RNfHEZ1p9i2Y1CgXaGCxmJvGeD6rtgwT2uqfzGWeB61ze7CkeJSz8YQz rKKt8vg3EDpFo9wisfrAqQmgaX0+ATD6pEd1eUrjnzMYADjd5Gtp4ft1wKUl46GKLD K+jySEc48R4iA8daXjuaDBw2T9lIuPYD+/xRboI4=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1502309319; bh=DZyutvCkjtlpJUE7SOgq+n9MvOw0pQfSa2SLd7u7tto=; h=Date:From:To:Subject:Message-ID:References:In-Reply-To; b=jjiHrlKS+RNfHEZ1p9i2Y1CgXaGCxmJvGeD6rtgwT2uqfzGWeB61ze7CkeJSz8YQz rKKt8vg3EDpFo9wisfrAqQmgaX0+ATD6pEd1eUrjnzMYADjd5Gtp4ft1wKUl46GKLD K+jySEc48R4iA8daXjuaDBw2T9lIuPYD+/xRboI4=
In-reply-to: <33551502260734@web43j.yandex.ru>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <33551502260734@web43j.yandex.ru>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20170609 (1.8.3)

me@xxxxxxxxxxxxxxxx wrote:
> Make a "trap" ssh server (for example on virtualbox machine
> without any sensitive data) and log in into it through tsocks.
> After that check from which ip it was logged in. This probably
> would be ip of the exit node.

What if they "bridge" mitm-ed traffic to a different host?

I saw a similar ssh warning few weeks ago but I wasn't prepared to
identify the bad exit. I set SafeLogging to 0 and I will enable
debugging via SIGUSR2 next time this happens. Can someone confirm
whether it's a good way of identifying bad exits?

-- 
Alex
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor exit nodes attacking SSH?
  - From: Chad MILLER
- Re: [tor-relays] Tor exit nodes attacking SSH?
  - From: Roman Mamedov

References:
- Re: [tor-relays] Tor exit nodes attacking SSH?
  - From: me

Prev by Author: Re: [tor-relays] Go home GeoIP, you're drunk.
Next by Author: Re: [tor-relays] Go home GeoIP, you're drunk.
Previous by thread: Re: [tor-relays] Tor exit nodes attacking SSH?
Next by thread: Re: [tor-relays] Tor exit nodes attacking SSH?
Index(es):
- Author
- Thread