[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Malicious Exit Nodes?

To: or-talk@xxxxxxxxxxxxx
Subject: Malicious Exit Nodes?
From: Mike Perry <mikepery@xxxxxxxxxx>
Date: Fri, 5 Aug 2005 19:13:34 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 05 Aug 2005 20:14:30 -0400
In-reply-to: <f49fc4840508042123616a1064@mail.gmail.com>
References: <20050805022055.GA24016@fscked.org> <20050804224453.P69691@surf.gcrc.upenn.edu> <f49fc4840508042123616a1064@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

Thus spake Hideki Saito (hidekis@xxxxxxxxx):

> If it is AIM, you can type "1" when that message appears to force
> logoff people in other connection.

That may solve the problem of stolen messages after you log back in,
but what about while you are offline.

Is this "keeping a connection open" actually a property of Tor? Or is
it some bug? Or do we actually have rogue exit nodes operating here?

Should I make some effort to make a list of exits this happens for?

> 2005/8/4, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx>:
> > Mike,
> > 
> > Yep, it happens quite frequently to me. I haven't been able to investigate
> > yet so I don't IM thru tor right now :-(
> > 
> > but remember that if someone wanted to they can steal your creds on their
> > exit node.
> > 
> > Cheers,
> > Harry
> > 
> > 
> > On Thu, 4 Aug 2005, Mike Perry wrote:
> > 
> > > Is anyone else experiencing issues with remaining logged on to AIM
> > > (specifically gaim) after signing off when using Tor? For some reason
> > > even after explicitly going to signoff, my screenname remains online
> > > and I lose IMs. When I go to sign on again I get the annoying "Your
> > > AIM account is being used in another location", sometimes even hours
> > > later.
> > >
> > > I don't really know the AIM protocol, but doesn't it log you out
> > > automatically normally as soon as the TCP connection dies? Perhaps Tor
> > > isn't properly terminating randomly dropped circuits? But what about
> > > when I deliberately go to signoff?
> > >
> > > This is obviously distressing, because what is to stop someone from
> > > say, intercepting and then dropping my logoff at an exit server and
> > > then keeping the connection alive to recieve copies of my IMs..
> > >
> > > --
> > > Mike Perry
> > > Mad Computer Scientist
> > > fscked.org evil labs
> > >
> > 
> 
> 
> -- 
> Hideki Saito mailto: hidekis@xxxxxxxxx

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Follow-Ups:
- Re: Malicious Exit Nodes?
  - From: Joel Franusic

References:
- Still logged on after AIM logoff
  - From: Mike Perry
- Re: Still logged on after AIM logoff
  - From: Harry Hoffman
- Re: Still logged on after AIM logoff
  - From: Hideki Saito

Prev by Author: Still logged on after AIM logoff
Next by Author: Re: Slashdot banning Tor?
Previous by thread: Re: Still logged on after AIM logoff
Next by thread: Re: Malicious Exit Nodes?
Index(es):
- Author
- Thread