[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: hijacked SSH sessions

To: or-talk@xxxxxxxxxxxxx
Subject: Re: hijacked SSH sessions
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Tue, 17 Oct 2006 10:24:02 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 17 Oct 2006 10:24:25 -0400
In-reply-to: <45331411.2020203@gmail.com>
References: <45331411.2020203@gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060922)

There have been various TOR exit nodes that have been "behaving badly" lately (check the tor-talk list) .. some are doing frames, popups, etc .. there is a list of bad nodenames somewhere on that list (can't find it at hand..)

Personally, I wouldn't use any exit node in China .. use the ExcludeNodes part of your torrc.

~Mike.

Taka Khumbartha wrote:

today i have had several attempted "man in the middle" attacks on my SSH sessions.  i am not sure which exit node(s) i was using, but the MD5 hash of the fingerprint of the spoofed host key is:

4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57

and it does not matter which host i connect to, the MD5 hash presented it always the same.

just a heads up

References:
- hijacked SSH sessions
  - From: Taka Khumbartha

Prev by Author: Re: EXPERIMENTAL Windows binary for 0.1.1.24; please let us know if it works.
Next by Author: Re: accounting vs long lived nodes
Previous by thread: Re: hijacked SSH sessions
Next by thread: strictentrynodes
Index(es):
- Author
- Thread