The server in question was in this guy's house. He should be able to find something if it was compromised, and if not, he can easily back up his relay and wipe his hard drive.
On Apr 7, 2016 6:48 PM, "Markus Koch" niftybunny@googlemail.com wrote:
The issue is: How do you know an exit server is compromised? As a CCNP I can configure a SPAN Port in 30 seconds and suck all the exit traffic out of it without any indication for the server owner. Even if he visits his server in the data center and no one visits their servers :/
2016-04-08 1:42 GMT+02:00 Green Dream greendream848@gmail.com:
Of course, but what would they make of it? They might have 200 perfectly legitimate Tor nodes already, making a blacklist absolutely useless.
So we should do nothing? This logic makes little sense. The directory authorities already have blacklist capabilities, and add known malicious relays to it as the need arises [1]. Sniffing traffic on an exit is a good enough reason to blacklist a node, as far as I can tell. So if we did know of government running or monitoring exits for this purpose, it would be sufficient reason to blacklist. This particular case is perhaps not so clear cut but I wouldn't be so quick to dismiss the idea of blacklisting.
[1] The blacklist used to be published here https://trac.torproject.org/projects/tor/wiki/doc/badRelays but it's apparently no longer published.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays