[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: How do we defeat exit node sniffing?

     On Thu, 05 Jun 2008 21:49:05 -0700 Wesley Kenzie <wkenzie@xxxxxxx>
rudely top-posted (if you'll pardon that redundancy):
>I think you could make a case for trusting 1 or a handful of exit nodes, =
>use ExitNodes abc and StrictExitNodes 1 to make sure you only use those =
>sensitive authentication connections like you are asking about.
>For example, do you think blutmagie is sniffing?  When it is trusted as =
>a V2
>and Hidden Service Directory Authority?

     As a previous poster has already reminded, it doesn't matter if the
entire path between the exit node and the destination is unprotected.  A
loginid and password could be compromised at any point between the exit
node and the destination.
>Or BostonUCompSci?  It would be kind of embarrassing to Boston =
>wouldn't it, if they were found to be sniffing?

     You're joking, right?  A school that operates with a publicly
"straight face" in getting a Co$ member for its president is going to be
embarassed if revealed as the operator of a corrupted tor exit?
>It is probably too much to expect at this point, though, that a list of
>trusted exit nodes will be publicly compiled.  I think you have to do =
>own investigations and come up with your own list.
     I assume you missed all the Summer of Code project descriptions and
discussions about exit scanners on this list over the last couple of
months.  Check the archives.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *