hijacked SSH sessions
Michael Holstein
michael.holstein at csuohio.edu
Tue Oct 17 14:24:02 UTC 2006
There have been various TOR exit nodes that have been "behaving badly"
lately (check the tor-talk list) .. some are doing frames, popups, etc
.. there is a list of bad nodenames somewhere on that list (can't find
it at hand..)
Personally, I wouldn't use any exit node in China .. use the
ExcludeNodes part of your torrc.
~Mike.
Taka Khumbartha wrote:
> today i have had several attempted "man in the middle" attacks on my SSH sessions. i am not sure which exit node(s) i was using, but the MD5 hash of the fingerprint of the spoofed host key is:
>
> 4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57
>
> and it does not matter which host i connect to, the MD5 hash presented it always the same.
>
> just a heads up
>
More information about the tor-talk
mailing list