seven bloxortsipt* relays ought *not* to be Valid
Scott Bennett
bennett at cs.niu.edu
Thu Jul 30 06:01:47 UTC 2009
In the directory, I found seven relays whose names all begin with
"bloxortsipt":
bloxortsipt3
bloxortsipt11
bloxortsipt30
bloxortsipt38
bloxortsipt58
bloxortsipt71
bloxortsipt81
These relays
a) are running an obsolete version of tor (0.1.2.19) under LINUX,
which is far enough back to be a security problem due to the SSL
key generation bug in LINUX,
b) publish identical ContactInfo "1024D/E5712ECF IPT Support
<support at truxton.com>", and
c) are *NOT* listed as a family, so your client might well build a
circuit using two or more of these unsecured relays. Note that
the rule of only one relay in a circuit per /16 will not prevent
such a thing from happening in this case because of the offending
relays' diversity of IP addresses.
That much, IMO, ought to justify removal of their Valid flags by the
authorities. In the meantime, I have them all in my ExcludeNodes list, and
I recommend that all relay operators concerned about security in tor do
likewise.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-talk
mailing list