[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
From: teor <teor2345@xxxxxxxxx>
Date: Sun, 30 Jul 2017 12:11:18 +1000
Cc: bad-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 29 Jul 2017 22:12:14 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=9uYw0jEy/oVr4dg7Wa2Eb/eAK/o6JM2J0frb6d1Ia3Y=; b=B3UXR9XlWbeKVeNgqXM3rJ9qBy8LXMcxpAMc/OxRME1qmRglRZOnJR+6gMpc77KD/1 5xhEsHqeA1PtnvdCmsp1bu5bPERNyUHTgSc9JmRpNl8uK2SHsRwm7L4Crcd8wja+x44i pwVUch7TvvxUEgxxcA0g1QGbciFFsmH4IGQRQVZCmRLy3PQJ3XCbAKPnWeMqfw0cY58R r7l/eN8OgeUYG7iKKtfTqwgzBKvwp72Csz4ZsEv/SfxJORsxz8nYzGH8tXiFjFaUoFag EbPVW0ACJK8n32xjKj3RnV8H9zKG1fYLNGCrZcgdVvD6AFQk/IpOhvkO0hyaaBEiheRh UNSA==
In-reply-to: <CAHZ_AjvS_dLCJSKyaOT9uNbfV0g33QtEGu_LW=G-U7ATQ_6=FQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAHZ_AjvS_dLCJSKyaOT9uNbfV0g33QtEGu_LW=G-U7ATQ_6=FQ@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

I've cc'd bad-relays with this report.

Please send reports of bad relays to bad-relays@xxxxxxxxxxxxxxxxxxxx.

> On 30 Jul 2017, at 02:56, eric gisse <jowr.pi@xxxxxxxxx> wrote:
> 
> it looks like i've found an exit node mitm-ing ssh, or at least giving
> it a shot.
> 
> https://atlas.torproject.org/#details/29378422C99074D06331D5700E47451610B0D20
> 
> that exit policy looks more like a wishlist than anything else, at this point.
> 
> notice all 3 sites have different clear wire ssh keys (obviously) but
> all the same when connecting over tor. what a coincidence!
> 
> module code:
> https://github.com/jowrjowr/exitmap/blob/master/src/modules/sshmitm.py
> 
> #  ./bin/exitmap sshmitm -e 29378422C99074D06331D5700E47451610B0D20D
> 2017-07-29 16:52:36,797 exitmap [INFO] Attempting to invoke Tor
> process in directory "/tmp/exitmap_tor_datadir-root".  This might take
> a while.
> 2017-07-29 16:52:36,798 exitmap [INFO] No first hop given.  Using
> randomly determined first hops for circuits.
> 2017-07-29 16:52:37,369 util [INFO] Tor Bootstrapped 0%: Starting
> 2017-07-29 16:52:41,942 util [INFO] Tor Bootstrapped 80%: Connecting
> to the Tor network
> 2017-07-29 16:52:41,943 exitmap [INFO] Successfully started Tor
> process (PID=31779).
> 2017-07-29 16:52:42,117 exitmap [INFO] Running module 'sshmitm'.
> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] obtaining ssh key
> information for destinations
> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] getting key for github.com
> 2017-07-29 16:52:42,643 modules.sshmitm [INFO] getting key for gitlab.com
> 2017-07-29 16:52:42,889 modules.sshmitm [INFO] getting key for bitbucket.com
> 2017-07-29 16:52:58,807 relayselector [INFO] 216 relays have non-empty
> exit policy but no exit flag.
> 2017-07-29 16:52:58,816 relayselector [INFO] 1 out of 1000 exit relays
> meet all filter conditions.
> 2017-07-29 16:52:59,080 exitmap [INFO] Scan is estimated to take around 0:00:03.
> 2017-07-29 16:52:59,080 exitmap [INFO] Beginning to trigger 1 circuit
> creation(s).
> 2017-07-29 16:53:02,018 exitmap [INFO] Done triggering circuit
> creations after 0:00:02.937566.
> 2017-07-29 16:53:04,169 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for github.com:22 (192.30.253.112) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:05,573 modules.sshmitm [CRITICAL] tor ssh key name
> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> ssh-ed25519, over tor value: ssh-rsa
> 2017-07-29 16:53:05,574 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:06,957 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for bitbucket.com:22 (104.192.143.8) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:06,959 eventhandler [INFO] Ran 1 module(s) in
> 0:00:30.168619 and 0/1 circuits failed (0.00%).
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
  - From: eric gisse

References:
- [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
  - From: eric gisse

Prev by Author: Re: [tor-relays] IPv6 to IPv4 tor exit relays would fix many daily tor-problems
Next by Author: Re: [tor-relays] [warn] assign_to_cpuworker failed. Ignoring.
Previous by thread: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
Next by thread: Re: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
Index(es):
- Author
- Thread