
Re: Analyzing TOR-exitnodes for anomalies



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude LaFrenière @ 2006/10/06 12:24:
> For the moment nothing proves that any exit nodes are responsible for this.
> We have to do something based on facts not fears...
> 

How about this then? .... when navigating to www.ezboard.com the proper page is loaded and displayed.  verified by comparing the IP address of www.ezboard.com found with and without tor_resolve.exe.  however, after entering your username/password and logging in from that page, the request is handled by login.ezboard.com, which resolved to 64.74.223.198 !!  the correct IP for login.ezboard.com is 209.66.118.157.  also, the now infamous URL with the flanding.domainsponsor.com and SUSPECTED+UNDESIRABLE+BOT junk in it was shown as the address.  i think 64.74.223.198 possibly now hijacked the ezboard login information!  unfortunately during this time i was scurrying about trying to reset my password and wasn't able to get the IP of the exit node i was using.


> I suggest, if the facts prove that some exit nodes are responsible, that we
> keep them temporarily, instead of immediately blocking them, and use them
> as "guinea pigs" to study their behaviour and prevent that kind of abuse in
> the future.
> 
> Consider this as a laboratory experience with "cyber-rats" !  ;-)
> Better than SETI@Home IMHO.
> 
> :)
> 

fact or fear, then? ;)

using unencrypted authentication over Tor is dumb to begin with, but this really emphasizes it i think!  this is too unfortunate as many sites still do not use SSL but sometimes Tor users still at least need location privacy.  so i for one hope we can dispose of these cyber-rats soon.
-----BEGIN PGP SIGNATURE-----

iQA/AwUBRSjCiV4XwiTbvfKgEQKToQCgteioKfQmvUf98AfyhVWEWvJhsB0AoJUB
Sr9b930B8WcsJb5Tb9WurqIR
=wKWZ
-----END PGP SIGNATURE-----
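
The comparison described in the message above (addresses resolved with and without Tor), as an added example that is not part of the original post: it keeps the exit with every observation so a bad answer can be tied to the node that returned it. The exit labels, the example.org/example.net hosts and the documentation-range addresses are constructed; only the two login.ezboard.com addresses come from the message.

```python
from collections import defaultdict

# Constructed baseline: addresses obtained by resolving each host directly
# (without Tor). The login.ezboard.com value is the one quoted in the message.
BASELINE = {
    "login.ezboard.com": {"209.66.118.157"},
    "www.example.org": {"192.0.2.10", "192.0.2.11"},
}

# Constructed observations: (exit label, hostname, address returned via Tor).
# Exit labels are placeholders; 64.74.223.198 is the address from the message.
OBSERVATIONS = [
    ("exit-A", "login.ezboard.com", "209.66.118.157"),
    ("exit-B", "login.ezboard.com", "64.74.223.198"),
    ("exit-B", "www.example.org", "64.74.223.198"),
    ("exit-C", "www.example.org", "192.0.2.11"),
    ("exit-C", "unknown.example.net", "198.51.100.7"),
]

def find_mismatches(baseline, observations):
    """Return observations whose address is absent from the host's baseline set.
    Hosts without a baseline are skipped: there is nothing to compare against."""
    return [(exit_id, host, addr) for exit_id, host, addr in observations
            if host in baseline and addr not in baseline[host]]

def summarize_by_exit(mismatches):
    """Group mismatches per exit and note addresses reused across hostnames."""
    report = defaultdict(lambda: {"hosts": set(), "addrs": defaultdict(set)})
    for exit_id, host, addr in mismatches:
        report[exit_id]["hosts"].add(host)
        report[exit_id]["addrs"][addr].add(host)
    out = {}
    for exit_id, data in report.items():
        # One address answering for unrelated hostnames suggests a catch-all
        # redirect rather than ordinary DNS load balancing.
        shared = sorted(a for a, hosts in data["addrs"].items() if len(hosts) > 1)
        out[exit_id] = {"hosts": sorted(data["hosts"]), "shared_addrs": shared}
    return out

if __name__ == "__main__":
    found = find_mismatches(BASELINE, OBSERVATIONS)
    for exit_id, info in summarize_by_exit(found).items():
        print(exit_id, info)
```

A mismatch is a lead to verify rather than proof, since hosts behind geographic or round-robin DNS can legitimately return addresses outside a small baseline.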