[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor exit nodes attacking SSH?



You choose your own path and exit. It couldn't be any node before your chosen exit because of onion.

You can't look for incoming traffic on your ssh server to know the bad node. You have to know your chosen exit from the client end, to know the MITM.

On Aug 9, 2017 1:08 PM, "Alexander Nasonov" <alnsn@xxxxxxxxx> wrote:
me@xxxxxxxxxxxxxxxx wrote:
> Make a "trap" ssh server (for example on virtualbox machine
> without any sensitive data) and log in into it through tsocks.
> After that check from which ip it was logged in. This probably
> would be ip of the exit node.

What if they "bridge" mitm-ed traffic to a different host?

I saw a similar ssh warning few weeks ago but I wasn't prepared to
identify the bad exit. I set SafeLogging to 0 and I will enable
debugging via SIGUSR2 next time this happens. Can someone confirm
whether it's a good way of identifying bad exits?

--
Alex
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays