[tor-relays] Email suggesting to send DNS requests to a specific open DNS
jpmvtd261 at laposte.net
Tue Sep 12 16:16:39 UTC 2017
Hello,
Recently, I installed a new Tor exit node. A few days later, I received an email at the address given in the node contact information. This email suggests changing the DNS server my node uses, and gives me a specific IP address to use.
Here is the mail (obfuscated with sharps):
EMAIL BEGIN
***********************************
* Sender : info AT backplanedns DOT org
* Subject : Your TOR node
* Body :
**
** Hello,
**
** I came across your TOR relay on atlas. I run a few relays myself
** along with a bunch of DNS resolvers which are a part of the Open
** Root Server network (ORSN.org) - aimed to fight internet
** censorship and circumvent government surveillance programs
** (ie. prism).
**
** I hope you may be interested in using our anonymous open DNS
** resolvers on your relays.
**
** https://BackplaneDNS.org
**
** Resolver - 172.98.193.4#
**
** Resolver - 162.248.241.9#
**
** ------------------------------------------------------
**
** Hostmaster@:
** Mr. D##### E#### H#####
**
** Phone:
** +1 (###) ###-####
**
** E-Mail:
** info AT backplanedns DOT org
** abuse DOT backplanedns DOT org
**
** Linkedin:
** http://linkedin.com/in/d####-######-#########/
***********************************
EMAIL END
I think it could be an attack. If this person sends this email to every new exit node operator, there may be a small percentage of rookie operators who will make the change. I found this webpage about Tor exit nodes and DNS:
https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
What do you think about this email?