[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2



On 2009-02-09 Scott Bennett wrote:
>      Some time ago, a tor relay called "apple" appeared.  "apple" was
> found to be a crooked exit relay in that it was replacing the URLs of
> its exiting traffic with URLs of the form
> 
> https://kangnam.megapass.net:7003/index.html?sso=121.138.5.103&no=8403&origin=OriginalURL
> 
> where "OriginalURL" was the URL requested by whatever tor client built
> the circuit using "apple" as its exit relay.  "apple" frequently
> restarted under different IP addresses.  Its perfidy was reported
> here, and eventually [*ahem*] the directory authority operators
> flagged it as a BADEXIT, so that tor clients around the globe would
> avoid using "apple" as an exit.
>      "apple" disappeared after that for a time, but now it's back.  It
> still uses varying IP addresses, but has changed its private OR key,
> perhaps to avoid recognition as a bad exit.  Unfortunately, there is
> no good way for the software to recognize a corrupt tor operator, but
> it should be given a BADEXIT flag for its *name*, as well as its new
> key, to force "apple"'s crooked operator to change his/her relay's
> torrc file next time.  It isn't much, but anything is a help.

Thank you for the explanation.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html