Rogue exit nodes - checking?

John M. Schanck jms07 at hampshire.edu
Sun Jun 20 21:41:37 UTC 2010


On Sat, Jun 19, 2010 at 10:20:19PM +0100, Matthew wrote:
> I am curious to know if there is a way of identifying "bad" exit
> nodes?  Do people who are more technical than me (not hard!) somehow
> search for exit nodes with interesting configurations?  Or, unless
> you use StrictExitNodes and are confident of the honesty of the
> operator, are you simply hoping the exit node owner is benign?

In addition to Marek's scanner (which I'd be very interested in hearing
more about ;)) there's also the SoaT Exit Scanner which Mike Perry wrote.
It compares the results of queries made across Tor to those made over a
direct connection to look for things like SSL certificate tampering and
HTTP header or content modification. It also checks for suspicious exit
policies such as allowing insecure protocols like POP and IMAP, but not
allowing the corresponding secure protocol (POPS/IMAPS). There's a nice
overview of its capabilities in Mike's Tor Network Analysis paper [0].

The scanner occasionally finds interesting things, but it's not seeing a
lot of use at the moment as it's a bit of a chore to wade through the
false positives. I'm working on improving it as part of Google Summer of
Code, so if you're really interested, I post occasional updates on my
progress with it at [1], and hopefully by the end of the summer things
will have progressed enough for the scanner to see more active use.

[0] http://fscked.org/talks/TorFlow-HotPETS-final.pdf
[1] http://anomos.info/~john/gsoc
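
The exit-policy check described in the message above, as an added example that is not part of the original post and is not SoaT's code: it flags policies that allow POP or IMAP but not POPS/IMAPS. The relay names and policies are constructed, and only wildcard-address rules are evaluated (a simplifying assumption).

```python
# Added example (not SoaT code): flag exit policies that allow a cleartext
# mail port but not its TLS counterpart. Ports are the standard assignments.
INSECURE_TO_SECURE = {110: 995, 143: 993}  # POP3 -> POP3S, IMAP -> IMAPS

def parse_policy(text):
    """Parse 'accept|reject ADDR:PORT[-PORT]' lines into (allow, lo, hi).

    Assumption: only rules with a wildcard address ('*') are kept, since
    the check concerns what the exit allows toward arbitrary hosts.
    """
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("accept", "reject"):
            continue
        addr, _, ports = parts[1].rpartition(":")
        if addr != "*":
            continue
        if ports == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = ports.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((parts[0] == "accept", lo, hi))
    return rules

def allows(rules, port):
    """First matching rule wins; with no matching rule the port is accepted."""
    for allow, lo, hi in rules:
        if lo <= port <= hi:
            return allow
    return True

def suspicious_pairs(policy_text):
    """Return (cleartext, secure) port pairs where only the cleartext one exits."""
    rules = parse_policy(policy_text)
    return [(p, s) for p, s in sorted(INSECURE_TO_SECURE.items())
            if allows(rules, p) and not allows(rules, s)]

# Constructed sample policies, keyed by hypothetical relay nicknames.
SAMPLE_POLICIES = {
    "relayA": "accept *:80\naccept *:110\naccept *:143\nreject *:*",
    "relayB": "accept *:110\naccept *:995\naccept *:143\naccept *:993\nreject *:*",
    "relayC": "reject *:993\naccept *:100-1000\nreject *:*",
}

if __name__ == "__main__":
    for name, policy in SAMPLE_POLICIES.items():
        print(name, suspicious_pairs(policy) or "ok")
```

A hit here is only a reason to look closer at a relay, which fits the message's point about wading through false positives.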