[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Analyzing TOR-exitnodes for anomalies

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Analyzing TOR-exitnodes for anomalies
From: Claude LaFrenière <climenole@xxxxxxxxx>
Date: Fri, 6 Oct 2006 15:06:55 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 06 Oct 2006 15:09:16 -0400
References: <20061006172041.0EB9014C856@nepuweb4.net-publics.de> <1e4o19g4tmfms$.dwnxtir13dq8.dlg@40tude.net> <200610061921.39543.robert@roberthogan.net> <200610061927.09304.robert@roberthogan.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: 40tude_Dialog/2.0.15.1fr

Hi  *Robert Hogan*   :

> On Friday 06 October 2006 19:21, Robert Hogan wrote:
>>> Hmmm... I had this problem with Whistlemother exit node and this site:
>>> http://www.iamaphex.net with the same
>>> "frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com "blah blah blah"
>>> filter ... =SUSPECTED+UNDESIRABLE+BOT"
>>
>> i have the same experience using whistlersmother for the same site.
> 
> And I have the same experience with practically every other exit node I try 
> for this site. So whistlersmother is not the problem...

Hmmm... 

Personnaly I don't believed that Whistlemother (or any other nodes)
are responsible for this...  It looks like web server filter or DNS server
filter...

But now how to explain the same behaviour with
a web site like  http://www.iamaphex.net 
and
a web site like hotmail.com ???

They don't share the same web hosting service...

Is this a new "filter" for Web sites or Web Hosting ?

An other question:
How this "filter" spot a Tor exit like Whistlemother?

I guess it's based on the IP address of this exit node.
(Or the browser referer sent to the web site... ??? )

Since no exit nodes have a control on what is doing by Tor users, Is it
possible that some bad guys had used Tor for "unacceptable" things and 
put the Whistlemother Ip address into a "black list" of this hypothetical
"filter" ???

One way to check this is to compare exit nodes with a fixed IP address
with the exit nodes with a dynamic Ip address and if this make a
difference.  

If an exit node with a dynamic IP address is not spoted as a bad IP in the
hypothetical "bad list fliter", therefore the filter is based on IP address 

Many test must be done before to prove this.
...

If the behaviour of Fixed Ip address exit nodes 
and 
the behaviour of Dynamics Ip address exit nodes
are the same
therefore
a) the hypothetical filter is not based on Ip address
b) there is no such filter but somethings else...

??? [not sure ...]  :-\

( !!! Hmmm.. I to revised my formal logic manuals a little bit .. ;-)  )

It's hard to find enough data about this problem because there's no way to
easily reproduce it.

:)

-- 
Claude LaFrenière

Follow-Ups:
- Re: Analyzing TOR-exitnodes for anomalies
  - From: bagelcat

References:
- Re: Analyzing TOR-exitnodes for anomalies
  - From: Stephen
- Re: Analyzing TOR-exitnodes for anomalies
  - From: Claude LaFrenière
- Re: Analyzing TOR-exitnodes for anomalies
  - From: Robert Hogan
- Re: Analyzing TOR-exitnodes for anomalies
  - From: Robert Hogan

Prev by Author: Re: Analyzing TOR-exitnodes for anomalies
Next by Author: Re: Analyzing TOR-exitnodes for anomalies
Previous by thread: Re: Analyzing TOR-exitnodes for anomalies
Next by thread: Re: Analyzing TOR-exitnodes for anomalies
Index(es):
- Author
- Thread