[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Excluding exit nodes

On 2/13/2011 10:19 AM, Tomasz Moskal wrote:
How someone can recognise if an exit node *might* be doing something
suspicious - like sniffing traffic for passwords? As far as I can tell
(with my limited knowledge that is!) it's by checking which ports the
node in question is making available. And if there are not the standards
one then it *could* do something nasty - which of course don't mean it
does. Could you clarify this whole "rouge/bad/evil" nodes matter

I think it's worth mentioning that as an end-user you might be focusing on the wrong issues here. While there *may* be some nodes (exactly which is perpetually unknown) that record unencrypted traffic, it's more important to make sure that your private data (such as login credentials, text containing your whereabouts, etc) is encrypted end-to-end than to worry about excluding every "possibly bad" exit node. For example, it's much easier to use the https version of a website instead of http to protect a username/password combination than it would be to hunt down anyone who might be trying to record your http connection (as recording the encrypted https traffic would yield them nothing). The same logic applies to other tools as well, examples being using the encrypted ssh and sftp over telnet and ftp, respectively.

See https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad if you haven't already.

To answer your other question, as I understand it, the traditional definition of "bad" exit nodes has been ones that manipulate (actually change, rather than simply record) data as they pass through the node. These nodes are automatically awarded the "BadExit" flag and are not used as exits, so the end-user need not worry about them. Exactly whether using an asinine exit polixy should cause a node to be considered malicious has been a point of argument over the last week or so here, and relates only to the sniffing of unencrypted traffic. So again, make sure to use encrypted protocols wherever possible, and don't send any personally-identifiable information when forced to use unencrypted protocols, and you should be fine.

Others will be better able to answer the other questions you had. Good luck, and stay safe!

~Justin Aplin

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/