Re: Analyzing TOR-exitnodes for anomalies
On 10/5/06, Claude LaFrenière <climenole@xxxxxxxxx> wrote:
Hi *Alexander W. Janssen* :
> Hi all,
> considering that I heard from several people that they notice strange
> side effects since a couple of days - altered webpage, advertisement where no
> ads should be - I started a little investigation if there are any obviously
> bogus exitnodes in the wild:
> I welcome you to start your own investigation; if there are really bogus
> exitnodes we should be aware of those and we should know their node's nickname
> to put them on a shitlist.
> This might lead to an escalation in the future when marketeers realize the
> possibilities of altering traffic.
> Comments, ideas, pointers to other projects?
Hmmm... Bogus exit nodes or bogus DNS servers?
Is it possible that the strange side effects come, not from the exit nodes
themselves, but from the DNS server used by these exit nodes?
A kind of DNS poisoning? (From a local DNS server or remote DNS server...)
Our suspicions about "bogus exit nodes" must be based on facts
so I suggest to collect information about this issue here.
What we can do is to report any "strange side effect" including:
the link to the web site
the resulting link with the redirection like the ones we're talking about
the exit node used to access this web site
I did a Google (Yahoo too) search but did not find the ghost-like
"Linux Magazine" site you have encountered, which means this site could
be quite new (but writing a robots.txt can reject the crawlers if
someone intends to commit a crime and is trying to keep others from
finding the clues). Also, is the logo "linux-magazine.com what you need,
when you need it" an image or just text?
Maybe it is a DNS poisoning job, maybe some guy runs a local DNS
server as well as a Tor node to make some profit by directing us to
this bogus linux-magazine? Interesting.