
Re: Ssh MITM attack when using tor



Juliusz Chroboczek wrote:
What are you supposed to do when you notice a MITM attack?  How do you
find out the exit node, and where do you report it to?

I'm running ssh as so:

ssh -A -C -o 'ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050' "$@"

Just curious -- how does ssh inform you that a man-in-the-middle (i.e. the exit node) is trying to victimize you?


If you have access to the logs on the machine you were ssh'ing into, you should find the IP address of the exit node there. Once you have identified the malicious exit node, I would inform one of the Tor designers. In the future, you can turn on Tor's logging and look in the log file there to see what your exit node is (you may have to turn off "SafeLogging" in order to see Tor node names).

-James
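
Added example, not part of the message above or of any Tor or OpenSSH code: the server-side log check James describes, as a Python script that lists the peer addresses sshd logged within a window around the time the client saw the problem. The log lines are constructed, the name peers_near and the 120-second window are assumptions, and the client and server clocks are assumed to agree.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd syslog lines (documentation-range IPs), not from the thread.
SAMPLE_LOG = """\
Mar  3 14:01:12 host sshd[4121]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Mar  3 14:07:41 host sshd[4188]: Connection closed by 203.0.113.45 port 51514 [preauth]
Mar  3 14:07:43 host sshd[4190]: Failed password for alice from 203.0.113.45 port 51520 ssh2
Mar  3 14:30:02 host sshd[4302]: Accepted publickey for bob from 192.0.2.10 port 39001 ssh2
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+(?P<msg>.*)$")
# sshd names the peer as "from <ip> port <n>" or "by <ip> port <n>"
PEER_RE = re.compile(r"(?:from|by)\s+(?P<ip>[0-9a-fA-F:.]+)\s+port\s+\d+")


def peers_near(log_text, incident_time, window_s=120):
    """Return {peer_ip: [sshd messages]} logged within window_s of incident_time."""
    window = timedelta(seconds=window_s)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd line
        peer = PEER_RE.search(m["msg"])
        if not peer:
            continue  # sshd line without a peer address
        # Syslog timestamps carry no year; borrow it from the incident time.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{incident_time.year} {stamp}", "%Y %b %d %H:%M:%S")
        if abs(ts - incident_time) <= window:
            hits.setdefault(peer["ip"], []).append(m["msg"])
    return hits


if __name__ == "__main__":
    # Time at which the client-side ssh session showed the problem (constructed).
    seen = datetime(2024, 3, 3, 14, 8, 0)
    for ip, msgs in peers_near(SAMPLE_LOG, seen).items():
        print(ip)
        for msg in msgs:
            print("   ", msg)
```

Every login that arrives over Tor shows an exit node as its peer, so the time window is what separates the suspect connection from ordinary ones; the address found this way is the one to compare against the exit named in the Tor client log.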