Excluding exit nodes
Aplin, Justin M
jmaplin at ufl.edu
Sun Feb 13 16:17:10 UTC 2011

On 2/13/2011 10:19 AM, Tomasz Moskal wrote:
[snip]
> How can someone recognise if an exit node *might* be doing something
> suspicious - like sniffing traffic for passwords? As far as I can tell
> (with my limited knowledge that is!) it's by checking which ports the
> node in question is making available. And if they are not the standard
> ones then it *could* do something nasty - which of course doesn't mean it
> does. Could you clarify this whole "rogue/bad/evil" nodes matter

I think it's worth mentioning that as an end-user you might be focusing
on the wrong issues here. While there *may* be some nodes (exactly which
is perpetually unknown) that record unencrypted traffic, it's more
important to make sure that your private data (such as login
credentials, text containing your whereabouts, etc) is encrypted
end-to-end than to worry about excluding every "possibly bad" exit node.

For example, it's much easier to use the https version of a website
instead of http to protect a username/password combination than it would
be to hunt down anyone who might be trying to record your http
connection (as recording the encrypted https traffic would yield them
nothing). The same logic applies to other tools as well, examples being
using the encrypted ssh and sftp over telnet and ftp, respectively.

See
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad
if you haven't already.

To answer your other question, as I understand it, the traditional
definition of "bad" exit nodes has been ones that manipulate (actually
change, rather than simply record) data as they pass through the node.
These nodes are automatically awarded the "BadExit" flag and are not
used as exits, so the end-user need not worry about them. Exactly
whether using an asinine exit policy should cause a node to be
considered malicious has been a point of argument over the last week or
so here, and relates only to the sniffing of unencrypted traffic. So
again, make sure to use encrypted protocols wherever possible, and don't
send any personally-identifiable information when forced to use
unencrypted protocols, and you should be fine.

Others will be better able to answer the other questions you had. Good
luck, and stay safe!
~Justin Aplin
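
The BadExit flag mentioned in the message above is published per relay on the flags line of the directory consensus. As an added example (not part of the original post and not Tor's own code), this sketch reads constructed consensus-style entries and separates flagged relays from exit candidates; every nickname, digest and address is made up, and the selection rule is a simplification of what a real client checks.

```python
# Constructed sample in the layout of a Tor network-status consensus:
# an "r" line names a relay and the "s" line after it lists its flags.
# Nicknames, digests and addresses are made up (documentation IP range).
SAMPLE = """\
r relayAlpha AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-02-13 10:00:00 192.0.2.10 9001 0
s Exit Fast Running Stable Valid
r relayBravo CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-02-13 10:05:00 192.0.2.20 443 80
s BadExit Exit Fast Running Valid
r relayCharlie EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2011-02-13 10:07:00 192.0.2.30 9001 9030
s Fast Guard Running Stable Valid
r truncated
s BadExit Exit Running Valid
r relayDelta GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2011-02-13 10:09:00 192.0.2.40 9001 0
s Exit Running Valid
"""


def parse_relays(text):
    """Pair each well-formed "r" line with the flags on its "s" line."""
    relays, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r":
            # r nickname identity digest date time address ORPort DirPort
            if len(parts) >= 9:
                current = {"nickname": parts[1], "address": parts[6], "flags": set()}
                relays.append(current)
            else:
                current = None  # malformed entry: do not attach its flags elsewhere
        elif parts[0] == "s" and current is not None:
            current["flags"] = set(parts[1:])
    return relays


def flagged_bad(relays):
    """Nicknames of relays carrying the BadExit flag."""
    return [r["nickname"] for r in relays if "BadExit" in r["flags"]]


def usable_exits(relays):
    """Simplified rule (assumption): Exit + Running + Valid and no BadExit."""
    need = {"Exit", "Running", "Valid"}
    return [r["nickname"] for r in relays
            if need <= r["flags"] and "BadExit" not in r["flags"]]


if __name__ == "__main__":
    relays = parse_relays(SAMPLE)
    print("BadExit:", flagged_bad(relays))
    print("usable exits:", usable_exits(relays))
```

The flag only covers relays the directory authorities have already marked; a relay that passively records unencrypted traffic looks no different here, which is why the message's advice about end-to-end encryption still applies.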