[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Analyzing TOR-exitnodes for anomalies
Hi *Robert Hogan* :
> On Friday 06 October 2006 19:21, Robert Hogan wrote:
>>> Hmmm... I had this problem with Whistlemother exit node and this site:
>>> http://www.iamaphex.net with the same
>>> "frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com "blah blah blah"
>>> filter ... =SUSPECTED+UNDESIRABLE+BOT"
>> i have the same experience using whistlersmother for the same site.
> And I have the same experience with practically every other exit node I try
> for this site. So whistlersmother is not the problem...
Personnaly I don't believed that Whistlemother (or any other nodes)
are responsible for this... It looks like web server filter or DNS server
But now how to explain the same behaviour with
a web site like http://www.iamaphex.net
a web site like hotmail.com ???
They don't share the same web hosting service...
Is this a new "filter" for Web sites or Web Hosting ?
An other question:
How this "filter" spot a Tor exit like Whistlemother?
I guess it's based on the IP address of this exit node.
(Or the browser referer sent to the web site... ??? )
Since no exit nodes have a control on what is doing by Tor users, Is it
possible that some bad guys had used Tor for "unacceptable" things and
put the Whistlemother Ip address into a "black list" of this hypothetical
One way to check this is to compare exit nodes with a fixed IP address
with the exit nodes with a dynamic Ip address and if this make a
If an exit node with a dynamic IP address is not spoted as a bad IP in the
hypothetical "bad list fliter", therefore the filter is based on IP address
Many test must be done before to prove this.
If the behaviour of Fixed Ip address exit nodes
the behaviour of Dynamics Ip address exit nodes
are the same
a) the hypothetical filter is not based on Ip address
b) there is no such filter but somethings else...
??? [not sure ...] :-\
( !!! Hmmm.. I to revised my formal logic manuals a little bit .. ;-) )
It's hard to find enough data about this problem because there's no way to
easily reproduce it.