
Re: Is "gatereloaded" a Bad Exit?



Thus spake Gregory Maxwell (gmaxwell@xxxxxxxxx):

> On Sat, Jan 29, 2011 at 9:56 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> >> I don't see how to recognize if the traffic is recorded?

Various research groups occasionally experiment with using side
channels for detecting recording exits. Their results are not usually
reproducible, though (no source code, poor design, poor quality
control, too easy to mitigate, etc). :/

They do occasionally find interesting stuff. But then they either
publish, or get rejected, and then shut down their code and forget
about it.

> Instead, I think that nodes which exit _only_ to the unencrypted
> version of a service (e.g. 80 but not 443) should be excluded from
> operating as exits entirely (except as enclaves).  In this way these
> nodes would be forced to "pay their way".  We can't stop them from
> sniffing, but at least we can make them carry traffic they can't sniff
> as part of the cost of doing their evil business. They could do things
> like severely throttle encrypted traffic, but that is activity that
> testing could detect.
> 
> As far as that exit policy goes, the RFC1918 blocks might be there in
> an ignorant attempt to trigger the exit flag for completely benign
> reasons, though sniffing sounds more likely.

I agree. We already have scripts to detect this, we just have not yet
decided to actually use them. I believe we should.

Currently, 5 nodes exit to *only* plaintext ports for web and email.
There are about 50 others that exit to the plaintext versions for web
or email. 

I believe we should ban these 5 immediately, and consider banning the
other 50 after issuing the appropriate announcements.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
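
The check discussed in this message (an exit that allows the plaintext port of a service but not its encrypted counterpart, e.g. 80 but not 443), as an added example that is not part of the original message and is not the Tor Project's own scripts. It assumes the input is the port summary from a consensus "p" line without the leading "p " (such summaries ignore address restrictions); the port pairs and the relay names and summaries are constructed for illustration.

```python
# Added example. PAIRS is an assumption about which ports count as the
# plaintext and encrypted versions of each service.
PAIRS = {
    "web": ({80}, {443}),
    "email": ({110, 143}, {993, 995}),  # POP3/IMAP vs. IMAPS/POP3S
}

def parse_summary(summary):
    """Parse 'accept 80,110-143' or 'reject 1-79' into (is_accept, ranges)."""
    verb, _, ports = summary.strip().partition(" ")
    if verb not in ("accept", "reject") or not ports:
        raise ValueError(f"malformed policy summary: {summary!r}")
    ranges = []
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((lo, hi))
    return verb == "accept", ranges

def allows(policy, port):
    """True if the summarized policy permits exiting to this port."""
    is_accept, ranges = policy
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if is_accept else not listed

def plaintext_only_services(summary):
    """Services where a plaintext port is allowed and no encrypted one is."""
    policy = parse_summary(summary)
    return [
        service
        for service, (plain, enc) in PAIRS.items()
        if any(allows(policy, p) for p in plain)
        and not any(allows(policy, p) for p in enc)
    ]

def audit(relays):
    """Map nickname -> flagged services, for relays with at least one flag."""
    flagged = {name: plaintext_only_services(s) for name, s in relays.items()}
    return {name: svcs for name, svcs in flagged.items() if svcs}

# Constructed sample data, not taken from any real consensus.
SAMPLE = {
    "relayA": "accept 80,110,143",
    "relayB": "accept 80,110,143,443",
    "relayC": "reject 25,119,135-139,445",
    "relayD": "reject 443,993,995",
}

if __name__ == "__main__":
    for name, services in audit(SAMPLE).items():
        print(name, "plaintext-only for:", ", ".join(services))
```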
