[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor exit nodes attacking SSH?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor exit nodes attacking SSH?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Sun, 8 Oct 2017 14:00:30 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Oct 2017 14:01:25 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=R7hhJCTTeChMHI82j/cmf3AwN9M6wCOFQm0m37P4P5g=; b=cr0TWWaak4H5W1kr/joptqBHPRXuwkt6FVV3q7g3WjKiFQ6pBcFZOcSc9JrB0N1vUc +tr1g0DzCQ3LvUNgRkcEbUSAeeqCCxj3KjTyyUDHk3LaHi2l41MKLTYepkTgEEXgWPLP UbaioqJOZ+eOwfm1WkH2ewLNGnFjbGxq9o0U8z6jTYvgMB7Gc6afgxy9E/hY17mvUAy1 ehjw6dgvn7z2EAF0B+hRS+gqmb7RRX/gGk03/Tz0Yr3vMBbt7VyCAxBX8K+dIBB6lM3x m7CDdF/QeQ+V356Y2KryN538pQ1XkQ9kU4SwzNTr0CExu18N9EOs/iSIFygmTgxihdLQ abXg==
In-reply-to: <20170809200830.v6lgjyus7wgrnudm@neva>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <33551502260734@web43j.yandex.ru> <20170809200830.v6lgjyus7wgrnudm@neva>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, Aug 9, 2017 at 4:08 PM, Alexander Nasonov <alnsn@xxxxxxxxx> wrote:
> me@xxxxxxxxxxxxxxxx wrote:
>> After that check from which ip it was logged in. This probably
>> would be ip of the exit node.
>
> What if they "bridge" mitm-ed traffic to a different host?
>
> I saw a similar ssh warning few weeks ago but I wasn't prepared to
> identify the bad exit. I set SafeLogging to 0 and I will enable
> debugging via SIGUSR2 next time this happens. Can someone confirm
> whether it's a good way of identifying bad exits?

This lack of having easy access to even a short term
(3 hour / 10k connections) in memory simple log buffer,
that doesn't write to disk or have other log junk to filter out,
of what exits users were using before they later happened
to notice something wrong, or before the exit changes out
from under them for reasons, thus ending their diagnosis,
is a *constant* problem users mention on these lists.

You should reopen and lend your support / work this ticket...

# Combine setevents circ and stream
https://trac.torproject.org/projects/tor/ticket/11179
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] Relay flag set counts
Next by Author: Re: [tor-relays] Feedback wanted: letter to my university's library
Previous by thread: [tor-relays] anonymaid tor relays: MyFamily configuration
Next by thread: [tor-relays] Looking for a 34C3 Voucher
Index(es):
- Author
- Thread