[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D
Will do next time. Wasn't sure which one to spew at.
Also, homeslice seemed to have turned off the SSH MITM. I'm sure it is
a coincidence it happened after I emailed the contact for the node.
I'm definitely going to write more modules and automate this better.
This is neat. I should have done this ages ago.
On Sat, Jul 29, 2017 at 9:11 PM, teor <teor2345@xxxxxxxxx> wrote:
> Hi,
>
> I've cc'd bad-relays with this report.
>
> Please send reports of bad relays to bad-relays@xxxxxxxxxxxxxxxxxxxx.
>
>> On 30 Jul 2017, at 02:56, eric gisse <jowr.pi@xxxxxxxxx> wrote:
>>
>> it looks like i've found an exit node mitm-ing ssh, or at least giving
>> it a shot.
>>
>> https://atlas.torproject.org/#details/29378422C99074D06331D5700E47451610B0D20
>>
>> that exit policy looks more like a wishlist than anything else, at this point.
>>
>> notice all 3 sites have different clear wire ssh keys (obviously) but
>> all the same when connecting over tor. what a coincidence!
>>
>> module code:
>> https://github.com/jowrjowr/exitmap/blob/master/src/modules/sshmitm.py
>>
>> # ./bin/exitmap sshmitm -e 29378422C99074D06331D5700E47451610B0D20D
>> 2017-07-29 16:52:36,797 exitmap [INFO] Attempting to invoke Tor
>> process in directory "/tmp/exitmap_tor_datadir-root". This might take
>> a while.
>> 2017-07-29 16:52:36,798 exitmap [INFO] No first hop given. Using
>> randomly determined first hops for circuits.
>> 2017-07-29 16:52:37,369 util [INFO] Tor Bootstrapped 0%: Starting
>> 2017-07-29 16:52:41,942 util [INFO] Tor Bootstrapped 80%: Connecting
>> to the Tor network
>> 2017-07-29 16:52:41,943 exitmap [INFO] Successfully started Tor
>> process (PID=31779).
>> 2017-07-29 16:52:42,117 exitmap [INFO] Running module 'sshmitm'.
>> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] obtaining ssh key
>> information for destinations
>> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] getting key for github.com
>> 2017-07-29 16:52:42,643 modules.sshmitm [INFO] getting key for gitlab.com
>> 2017-07-29 16:52:42,889 modules.sshmitm [INFO] getting key for bitbucket.com
>> 2017-07-29 16:52:58,807 relayselector [INFO] 216 relays have non-empty
>> exit policy but no exit flag.
>> 2017-07-29 16:52:58,816 relayselector [INFO] 1 out of 1000 exit relays
>> meet all filter conditions.
>> 2017-07-29 16:52:59,080 exitmap [INFO] Scan is estimated to take around 0:00:03.
>> 2017-07-29 16:52:59,080 exitmap [INFO] Beginning to trigger 1 circuit
>> creation(s).
>> 2017-07-29 16:53:02,018 exitmap [INFO] Done triggering circuit
>> creations after 0:00:02.937566.
>> 2017-07-29 16:53:04,169 modules.sshmitm [CRITICAL] tor ssh key
>> mismatch for github.com:22 (192.30.253.112) over exit relay
>> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
>> AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==,
>> over tor value:
>> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
>> 2017-07-29 16:53:05,573 modules.sshmitm [CRITICAL] tor ssh key name
>> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
>> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
>> ssh-ed25519, over tor value: ssh-rsa
>> 2017-07-29 16:53:05,574 modules.sshmitm [CRITICAL] tor ssh key
>> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
>> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
>> AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf,
>> over tor value:
>> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
>> 2017-07-29 16:53:06,957 modules.sshmitm [CRITICAL] tor ssh key
>> mismatch for bitbucket.com:22 (104.192.143.8) over exit relay
>> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
>> AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==,
>> over tor value:
>> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
>> 2017-07-29 16:53:06,959 eventhandler [INFO] Ran 1 module(s) in
>> 0:00:30.168619 and 0/1 circuits failed (0.00%).
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> ------------------------------------------------------------------------
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays