[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Please Badexit:



Thus spake morphium (morphium@xxxxxxxxxxxxx):

> Hi,
> 
> please BadExit the following nodes (for the same reason you badexit'ed
> gatereloaded et al. - no valid contact info, they didn't explain their
> exit policy to us, I suspect they are sniffing unencrypted Exit
> traffic):
> 
> TORy0 - 753e0b5922e34bf98f0d21cc08ea7d1adeee2f6b
> TORy2 - f08f537d245a65d9c242359983718a19650a25f7

These are running a slightly modified default exit policy. They allow
443. They are fine by me.

> st0nerhenge - c2f9d30118bebf3efee6d96252374082ca73c054

Funny you should mention this node. A researcher flagged it once in a
test to detect sniffing, but was not able to reproduce it later. Maybe
they just turned off their sniffer and got lucky :). There were also
serious issues with the methodology though, and it may have been a bug
in the scanning technique.

However, at this point we are only going after nodes that carried
unencrypted versions of both mail *and* web. The reason we did this
was because another researcher actually detected another node that he
*was* able to reproduce. It had this exact type of exit policy. It
calls itself 'agitator'.

When we found that sniffer, we looked for other exit policies similar
to that one, and found the five here that caused so much controversy.

We probably should have came out with all this earlier, but the
researcher requested we keep their methodology secret until
publication. It also needs some work in the reproducibility dept...

At any rate, this node appears to (now?) carry 443. Did it's policy
just change?

> vivalarevolution - 29448afd5251b60a44fc79f4414423e7d026500d

Same as Tory0.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpv9ax1q8Oal.pgp
Description: PGP signature