
Re: [tor-talk] New to list and questions about exit nodes




I got to speak with my acquaintance about his experience. Sadly, it was as bad but not as quick as I was told.

He told me within a three-week period of setting up the Tor exit node he considered his entire internal network compromised, as several of his machines showed signs of being compromised. I didn't get to ask the specifics of that. But knowing this person as I do, when he says compromised, it is not something you take lightly.

He reformatted and rebuilt every machine from known good sources and swore off Tor.

DC

Please keep the replies civil. I know there is one in every crowd. Don't be that one.


On 26/10/2013 10:25 AM, DeveloperChris wrote:

Hi Roger

Thanks. I need to confirm the story as I got it through a third party. What you are suggesting is a rookie mistake. If he says he was compromised I can tell you for sure he was compromised.

I will see him in a few days so I'll ask him directly.

I appreciate the links. I am trying to come up to speed in double quick time. I have some pretty big plans where I hope to convince lots of people to join Tor. But I cannot in all good conscience, if it opens them up to any form of abuse or excessive risk. I must also be able to explain what those risks are. The people I am appealing to are good-hearted, not network-savvy.

My initial reaction was to dump my plans, but I decided hearsay was not a strong enough reason; I needed to know more. Perhaps I should not have put as much faith into the words of the third party.

Oh and I just noticed. I meant acquaintance not acquittance damn spell checkers.

DC


On 26/10/2013 5:34 AM, Roger Dingledine wrote:
On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote:
> An acquittance of mine created a tor exit node, I know little detail
> more than that other than he was banned by services such as skype
> and ebay. and apparently the machine he used was hacked. Now I know
> he is very security conscious and not a newb. If he was hacked it
> was by professionals. He is a network engineer.
>
> Apparently he pulled the exit node and wiped the machine.

Just so somebody's said it: there's a good chance that the machine
wasn't compromised. There are some jerks out there who use Tor to send
application-level traffic to webservers that tries to break into the
webserver. Somebody watching the webserver (or watching its network)
will notice the attack -- but since most attacks these days come through
compromised computers that are used as 'stepping stones', the mail that
the website operator sends won't say "stop attacking me!", but rather
it will say "your computer appears to be compromised." They don't have
any idea that it's running a Tor exit relay (and in many cases they have
no idea that something like Tor exists).

Then it's easy for the Tor relay operator to say "oh crap somebody on
the Internet told me my computer is compromised." (And to be fair, it's
hard for them to convince themselves that it's not true, so his response
in this case of "let's wipe it to be sure" was not unreasonable.)

See also
https://www.torproject.org/docs/faq-abuse#TypicalAbuses
and
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines

Thanks!
--Roger


