Another host in China which uses a persistent cookie to track Tor users

Pei Hanru peihanru at gmail.com
Tue Nov 27 11:20:03 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2007-11-27 16:45 CST, s s wrote:
> I have observed my url changed automatically
> from
> 
>     http://www.google.cn/
> 
> to
> 
>     http://60.16.34.94/RLOCATION069/?LOC=www.google.cn/
> 
> then the host 60.16.34.94 will send this:
> 
>   HTTP/1.1 302 Moved Temporarily
>   Allow: GET,POST,HEAD
>   MIME-Version: 1.0
>   Server: MA5200 Server 2.0
>   Set-Cookie: BASSID##=[base64-encoded-timestamp]; Expires=Thu, 09-May-2041 00:00:00 GMT
>   Location: http://www.google.cn/
>   Connection: close
>
> Whois query result for 60.16.34.94 from apnic.net :
>
> inetnum:      60.16.0.0 - 60.23.255.255
> netname:      CNCGROUP-LN
> country:      CN
> descr:        CNCGROUP Liaoning province network

60.16.34.94 seems not to be a Tor node. After some googling, it is more
likely that you are using a node from China as your last hop, and the
node's ISP is CNC (China Netcom), and CNC is hijacking HTTP requests (to
insert ads or whatever).

It's not the fault of a Tor node in China, it's the f**king ISP! :(

Hanru
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHS/1jtHG285r2MGoRArDHAKCAfOHR8UWIDdKss63oukeHF7Y0qwCgyEDv
PRBXVVrvEmTbrwqbnURs0Ro=
=l617
-----END PGP SIGNATURE-----
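
Added example, not part of the original message: a Python check a Tor client operator could run over a captured redirect hop to flag the pattern quoted above (bare-IP hop, original host carried in the query string, long-lived cookie, redirect back to the requested URL). The function name, the one-year threshold, and the sample cookie name and value are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted response (cookie value is made up).
SAMPLE_HOP_URL = "http://60.16.34.94/RLOCATION069/?LOC=www.google.cn/"
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Server: MA5200 Server 2.0\r\n"
    "Set-Cookie: BASSID=Y29uc3RydWN0ZWQ=; Expires=Thu, 09-May-2041 00:00:00 GMT\r\n"
    "Location: http://www.google.cn/\r\n"
    "Connection: close\r\n\r\n"
)

def hijack_indicators(requested_url, hop_url, raw_response, now=None):
    """Return the reasons a hop looks like an injected tracking redirect."""
    now = now or datetime.now(timezone.utc)
    lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = lines[0].split(" ", 2)[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    hop, reasons = urlsplit(hop_url), []
    try:
        ipaddress.ip_address(hop.hostname or "")
        reasons.append("hop host is a bare IP address")
    except ValueError:
        pass  # hop is addressed by name, not by IP
    if (urlsplit(requested_url).hostname or "\0") in hop.query:
        reasons.append("requested host is carried in the hop's query string")
    location = headers.get("location", [""])[0]
    if status.startswith("3") and location.rstrip("/") == requested_url.rstrip("/"):
        reasons.append("hop redirects straight back to the requested URL")
    for cookie in headers.get("set-cookie", []):
        match = re.search(r"expires=([^;]+)", cookie, re.IGNORECASE)
        try:
            expires = parsedate_to_datetime(match.group(1).strip())
        except (AttributeError, TypeError, ValueError):
            continue  # session cookie or unparseable date
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        if expires - now > timedelta(days=365):
            reasons.append("sets a cookie that persists for more than a year")
    return reasons

if __name__ == "__main__":
    for reason in hijack_indicators("http://www.google.cn/", SAMPLE_HOP_URL, SAMPLE_RESPONSE):
        print(reason)
```

No single indicator is conclusive on its own; the combination of all four on a hop the user never requested is what matches the behaviour described in this thread.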


