[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: How do we defeat exit node sniffing?

You can’t be sure that traffic between an exit node and your target URL is not being sniffed unless you know the complete physical path between the two which is unlikely right? Sure you could implement some scheme other than TLS to authenticate the server but that doesn’t stop you being sniffed. You could implement some other kind of encryption between you and the target server so that sniffing is not a problem, in that case you’d just being using tor for anonymity, not encryption.


From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of defcon
Sent: Thursday, June 05, 2008 6:36 PM
To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?


so what do you all suggest if I must authenticate to a non ssl connection?  How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:

On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing?  Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

Christopher Davis