RE: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2

     On Mon, 9 Feb 2009 22:17:00 -0500 downie - <downgeoff2@xxxxxxxxxxx>
>Is this warning in my logs
>"Feb 10 03:12:19.847 [warn] Nickname list includes '$8424E8653469B1EFF87E79E8599933A3BAF8FDB2' which isn't a known router."
>because you've blacklisted it, or because I have the ExcludeNodes syntax

     It means that you listed a router identified by that key fingerprint
that is not listed in the current directory information.  As Roger noted,
"apple" disappeared again sometime after I posted my warning this morning.
However, if apple's operator(s) follow(s) the pattern thus far established,
apple will be back again in the future, probably with a different IP address
and a different key (and fingerprint of that key).  If the BadExit flag at
the authorities has also been applied to the Nickname "apple", then there's
a good chance that it will be called something other than "apple" in that
incarnation, as well.  The operator(s) is(are) clearly unethical, and is(are)
just as obviously trying to duck BadExit flagging each time he/she/they
is(are) caught red-handed.
     I think it would be a useful modification for the authorities to be able
to flag IP addresses and address ranges with BadExit in addition to being
able to flag nicknames and key fingerprints.  That way, when a case like
"apple" arises, its career could be greatly hindered by flagging the /24's
of their ISPs.  Thus far, "apple" has appeared on only two or three subnets.
Flagging those subnets would limit such "bad reputations" to the "guilty"
parts of an ISP's available addresses, but could easily make it difficult or
impossible for the crooked operator(s) to return to exit hijacking without
changing ISPs.

