[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Analyzing TOR-exitnodes for anomalies

Hash: SHA1

Claude LaFrenière @ 2006/10/06 12:24:
> For the moment nothings prove that any exit nodes are responsibles for this.
> We have to do somethings based on facts not fears...

How about this then? .... when navigating to www.ezboard.com the proper page is loaded and displayed.  verified by comparing the IP address of www.ezboard.com found with and without tor_resolve.exe.  however, after entering your username/password and logging in from that page, the request is handled by login.ezboard.com, which resolved to !!  the correct IP for login.ezboard.com is  also, the now in-famous URL with the flanding.domainsponsor.com and SUSPECTED+UNDESIRABLE+BOT junk in it was shown as the address.  i think possibly now hijacked the ezboard login information!  unfortunately during this time i was scurrying about trying to reset my password and wasn't able to get the IP of the exit node i was using.

> I suggest, If the facts prove that some exit nodes are responsible, that we
> keep them temporarely, instead of immediatly blocking them, and use them
> as "guinea pig" to study their behaviour and prevent that kind of abuse in
> the future.
> Consider this as a laboratory experience with "cyber-rats" !  ;-)
> Better than SETI@Home IMHO.
> :)

fact or fear, then? ;)

using un-encrypted authentication over Tor is dumb to begin with, but this really emphasizes it i think!  this is too unfortunate as many sites still do not use SSL but sometimes Tor users still at least need location privacy.  so i for one hope we can dispose of these cyber-rats soon.