On Wed, Oct 04, 2006 at 08:45:03PM -0400, Claude LaFrenière wrote: > Hmmm... Bogus exit nodes or bogus DNS servers ? One or the other way, brute forcing my way through all exit-nodes should reveil it. Hopefully... > Is it possible that the strange side effects comes, not from the exit nodes > themselves, but from the DNS server used by these exit nodes ? Could be either way. Things which popped up in my mind: 1) DNS poisoning 2) Exit-node is behind a transparent proxy which is compromised or modified in some way 3) Outbound traffic from the exit-node gets DNATed away by some firewall Things you could do: 1) Replacing complete websites with link-farms (that's what happened me) 2) Using a modified web-proxy which insert advertisement into the HTML-code (possible, it's exactly the reverse of what Privoxy does) 3) Filter content 4) Replacing valid downloads by trojaned versions 5) Replace all pictures of a website with a picture of the goatse-man... 6) Modifying text in a subtle way using simple lex-programs (e.g. replace all "must" by "could" or "police" by "SS") 7) <insert favourite attack here> > Our suspicions about "bogus exit nodes" must be based on facts > so I suggest to collect information about this issue here. My first run during the night was not very successful, most of the exitnodes refused to talk to me. I'm in timezone GMT+2 and that's pretty normal for that time of the day, I started another scan just minutes ago. Usually the TOR-network is not that congested in the morning. > What we can do is to report any "strange side effect" including: > > the link to the web site > the resulting link with the redirection like the ones we're talking about > the exit node used to access this web site Aye. > Claude LaFrenière Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institute, 1901.
Description: Digital signature