
Re: Analyzing TOR-exitnodes for anomalies



On 10/5/06, Claude LaFrenière <climenole@xxxxxxxxx> wrote:
Hi *Alexander W. Janssen*:

> Hi all,
>
> considering that I heard from several people that they have noticed strange
> side effects for a couple of days - altered webpages, advertisements where no
> ads should be - I started a little investigation if there are any obviously
> bogus exitnodes in the wild:
>
> http://itnomad.wordpress.com/2006/10/04/analyzing-tor-exitnodes-for-anomalies/
>
> I welcome you to start your own investigation; if there are really bogus
> exitnodes we should be aware of those and we should know their node's nickname
> to put them on a shitlist.
>
> This might lead to an escalation in the future when marketeers realize the
> possibilities of altering traffic.
>
> Comments, ideas, pointers to other projects?
>
> Alex.

Hmmm... Bogus exit nodes or bogus DNS servers?

Is it possible that the strange side effects come, not from the exit nodes
themselves, but from the DNS server used by these exit nodes?

A kind of DNS poisoning? (From a local DNS server or remote DNS server...)
Ref.: http://en.wikipedia.org/wiki/DNS_poisoning

Our suspicions about "bogus exit nodes" must be based on facts
so I suggest to collect information about this issue here.

What we can do is to report any "strange side effect" including:

the link to the web site
the resulting link with the redirection like the ones we're talking about
the exit node used to access this web site


Hi all,

I did some Google (Yahoo as well) searching but did not find the ghost-like
"Linux Magazine" site you have encountered, which means this site could
be quite new (but writing a robots.txt can reject the crawlers if
someone intends to commit a crime and is trying to keep others from
finding the clues). Also, is the logo "linux-magazine.com what you need,
when you need it" an image or just text?
Maybe it is a DNS poisoning job, maybe some guy runs a local DNS
server as well as a tor node to make some profit by directing us to
this bogus linux-magazine? Interesting.

Deephay
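
Added example, not part of the original thread: one way to tally the reports proposed above (link to the web site, resulting link, exit node used) so that redirects cluster by exit node. The report tuples and node nicknames are constructed; this data alone cannot tell a tampering exit from a poisoned DNS server used by that exit, only that the exit is the common factor.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports (not real observations):
# (link requested, resulting link, nickname of the exit node used)
REPORTS = [
    ("http://www.example.org/", "http://www.example.org/", "exitA"),
    ("http://www.example.org/", "http://ads.example.net/?r=1", "exitB"),
    ("http://news.example.com/a", "http://ads.example.net/?r=2", "exitB"),
    ("http://news.example.com/a", "http://news.example.com/a", "exitC"),
    ("http://WWW.Example.org:80/x", "http://www.example.org/x", "exitC"),
    ("http://shop.example.com/", "http://shop.example.com/", "exitB"),
]


def host(url):
    """Lower-cased hostname without port, so case or port noise is not a redirect."""
    return (urlsplit(url).hostname or "").lower()


def summarize(reports):
    """Per exit node: report count, cross-host redirects, sites hit, landing hosts."""
    stats = defaultdict(
        lambda: {"total": 0, "redirected": 0, "sites": set(), "targets": set()}
    )
    for requested, resulting, exit_node in reports:
        entry = stats[exit_node]
        entry["total"] += 1
        if host(requested) != host(resulting):
            entry["redirected"] += 1
            entry["sites"].add(host(requested))
            entry["targets"].add(host(resulting))
    return dict(stats)


def suspects(reports, min_sites=2):
    """Exit nodes whose redirects affect at least min_sites distinct sites.

    A single site changing host may be the site's own redirect; several
    unrelated sites redirected through one exit point at that exit or at
    the DNS server it uses.
    """
    summary = summarize(reports)
    return sorted(n for n, s in summary.items() if len(s["sites"]) >= min_sites)


if __name__ == "__main__":
    for node in suspects(REPORTS):
        print(node, summarize(REPORTS)[node])
```
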