[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Excluding exit nodes

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Excluding exit nodes
From: "Aplin, Justin M" <jmaplin@xxxxxxx>
Date: Sun, 13 Feb 2011 11:17:10 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 13 Feb 2011 11:17:28 -0500
In-reply-to: <1297610391.2138.12.camel@HAL9000>
References: <1297608222.2714.22.camel@HAL9000> <4D57F00C.5060707@xxxxxxxxx> <1297610391.2138.12.camel@HAL9000>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7

On 2/13/2011 10:19 AM, Tomasz Moskal wrote:
[snip]

How someone can recognise if an exit node *might* be doing something
suspicious - like sniffing traffic for passwords? As far as I can tell
(with my limited knowledge that is!) it's by checking which ports the
node in question is making available. And if there are not the standards
one then it *could* do something nasty - which of course don't mean it
does. Could you clarify this whole "rouge/bad/evil" nodes matter

I think it's worth mentioning that as an end-user you might be focusingon the wrong issues here. While there *may* be some nodes (exactly whichis perpetually unknown) that record unencrypted traffic, it's moreimportant to make sure that your private data (such as logincredentials, text containing your whereabouts, etc) is encryptedend-to-end than to worry about excluding every "possibly bad" exit node.For example, it's much easier to use the https version of a websiteinstead of http to protect a username/password combination than it wouldbe to hunt down anyone who might be trying to record your httpconnection (as recording the encrypted https traffic would yield themnothing). The same logic applies to other tools as well, examples beingusing the encrypted ssh and sftp over telnet and ftp, respectively.

Seehttps://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbadif you haven't already.

To answer your other question, as I understand it, the traditionaldefinition of "bad" exit nodes has been ones that manipulate (actuallychange, rather than simply record) data as they pass through the node.These nodes are automatically awarded the "BadExit" flag and are notused as exits, so the end-user need not worry about them. Exactlywhether using an asinine exit polixy should cause a node to beconsidered malicious has been a point of argument over the last week orso here, and relates only to the sniffing of unencrypted traffic. Soagain, make sure to use encrypted protocols wherever possible, and don'tsend any personally-identifiable information when forced to useunencrypted protocols, and you should be fine.

Others will be better able to answer the other questions you had. Goodluck, and stay safe!


~Justin Aplin

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Excluding exit nodes
  - From: Tomasz Moskal

References:
- Excluding exit nodes
  - From: Tomasz Moskal
- Re: Excluding exit nodes
  - From: tagnaq
- Re: Excluding exit nodes
  - From: Tomasz Moskal

Prev by Author: Re: advice on using accounting...
Next by Author: Re: Is "gatereloaded" a Bad Exit?
Previous by thread: Re: Excluding exit nodes
Next by thread: Re: Excluding exit nodes
Index(es):
- Author
- Thread