[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor exit nodes attacking SSH?



On Wed, Aug 9, 2017 at 4:08 PM, Alexander Nasonov <alnsn@xxxxxxxxx> wrote:
> me@xxxxxxxxxxxxxxxx wrote:
>> After that check from which ip it was logged in. This probably
>> would be ip of the exit node.
>
> What if they "bridge" mitm-ed traffic to a different host?
>
> I saw a similar ssh warning few weeks ago but I wasn't prepared to
> identify the bad exit. I set SafeLogging to 0 and I will enable
> debugging via SIGUSR2 next time this happens. Can someone confirm
> whether it's a good way of identifying bad exits?

This lack of having easy access to even a short term
(3 hour / 10k connections) in memory simple log buffer,
that doesn't write to disk or have other log junk to filter out,
of what exits users were using before they later happened
to notice something wrong, or before the exit changes out
from under them for reasons, thus ending their diagnosis,
is a *constant* problem users mention on these lists.

You should reopen and lend your support / work this ticket...

# Combine setevents circ and stream
https://trac.torproject.org/projects/tor/ticket/11179
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays