[tor-relays] Tor exit nodes attacking SSH?

grarpamp grarpamp at gmail.com
Sun Oct 8 18:00:30 UTC 2017


On Wed, Aug 9, 2017 at 4:08 PM, Alexander Nasonov <alnsn at yandex.ru> wrote:
> me at eugenemolotov.ru wrote:
>> After that check from which ip it was logged in. This probably
>> would be ip of the exit node.
>
> What if they "bridge" mitm-ed traffic to a different host?
>
> I saw a similar ssh warning a few weeks ago but I wasn't prepared to
> identify the bad exit. I set SafeLogging to 0 and I will enable
> debugging via SIGUSR2 next time this happens. Can someone confirm
> whether it's a good way of identifying bad exits?

This lack of having easy access to even a short term
(3 hour / 10k connections) in memory simple log buffer,
that doesn't write to disk or have other log junk to filter out,
of what exits users were using before they later happened
to notice something wrong, or before the exit changes out
from under them for reasons, thus ending their diagnosis,
is a *constant* problem users mention on these lists.

You should reopen and lend your support / work this ticket...

# Combine setevents circ and stream
https://trac.torproject.org/projects/tor/ticket/11179
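
A sketch of the short-term, memory-only buffer described above, as an added example that is not part of the original post or of Tor itself. It assumes the lines come from a controller connection that has issued `SETEVENTS CIRC STREAM`; the class name, sample events and addresses are constructed, and the last hop is the exit only for ordinary exit circuits.

```python
import re
import time
from collections import deque

MAX_ENTRIES = 10_000   # "10k connections" figure from the post
MAX_AGE = 3 * 3600     # "3 hour" figure from the post, in seconds

# Control-port async event lines; relay paths use $fingerprint~nickname form.
CIRC_RE = re.compile(r"^650 CIRC (\d+) (\S+)(?: (\$\S+))?")
STREAM_RE = re.compile(r"^650 STREAM (\d+) (\S+) (\d+) (\S+)")

class ExitLog:
    """Memory-only record of which last hop carried each successful stream."""

    def __init__(self):
        self.paths = {}                            # circuit id -> relay list
        self.records = deque(maxlen=MAX_ENTRIES)   # (time, target, last hop)

    def feed(self, line, now=None):
        now = time.time() if now is None else now
        while self.records and now - self.records[0][0] > MAX_AGE:
            self.records.popleft()                 # drop entries past the window
        m = CIRC_RE.match(line)
        if m:
            circ_id, status, path = m.groups()
            if status in ("CLOSED", "FAILED"):
                self.paths.pop(circ_id, None)
            elif path:
                self.paths[circ_id] = path.split(",")
            return
        m = STREAM_RE.match(line)
        if m and m.group(2) == "SUCCEEDED":
            path = self.paths.get(m.group(3))
            self.records.append((now, m.group(4), path[-1] if path else "unknown"))

    def exits_for(self, target):
        """All (time, last hop) pairs seen for a target such as 'host:22'."""
        return [(ts, hop) for ts, tgt, hop in self.records if tgt == target]

# Constructed sample events (not captured from a real client).
HOPS = ["$" + c * 40 + "~" + n for c, n in (("A", "guardA"), ("B", "midB"), ("C", "exitC"))]
SAMPLE = [
    "650 CIRC 7 LAUNCHED BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    "650 CIRC 7 BUILT " + ",".join(HOPS) + " PURPOSE=GENERAL",
    "650 STREAM 31 SENTCONNECT 7 192.0.2.10:22",
    "650 STREAM 31 SUCCEEDED 7 192.0.2.10:22",
    "650 CIRC 7 CLOSED " + ",".join(HOPS) + " REASON=FINISHED",
]

if __name__ == "__main__":
    log = ExitLog()
    for event in SAMPLE:
        log.feed(event, now=1000.0)
    print(log.exits_for("192.0.2.10:22"))
```

Nothing is written to disk, and the record for a stream survives the circuit closing, so the exit can still be looked up after the SSH host-key warning appears.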

