The server on question was in this guy's house. He should be able to find something if it was compromised, and if not, he can easily backup his relay and wipe his hard drive.

On Apr 7, 2016 6:48 PM, "Markus Koch" <niftybunny@googlemail.com> wrote:
The issue is: How do you know a exit server is compromised? As a CCNP
I can configure a SPAN Port in 30 seconds and suck all the exit
traffic out of it without any indication for the server owner. Even if
he visit his server in the data center and no one visit their servers
:/


2016-04-08 1:42 GMT+02:00 Green Dream <greendream848@gmail.com>:
>> Of course, but what would they make of it? They might have 200
>> perfectly legitimate Tor nodes already, making a blacklist
>> absolutely useless.
>
> So we should do nothing? This logic makes little sense. The directory
> authorities already have blacklist capabilities, and add known malicious
> relays to it as the need arises [1]. Sniffing traffic on an exit is a good
> enough reason to blacklist a node, as far as I can tell. So if we did know
> of government running or monitoring exits for this purpose, it would be
> sufficient reason to blacklist. This particular case is perhaps not so clear
> cut but I wouldn't be so quick to dismiss the idea of blacklisting.
>
> 1) The blacklist used to be published here
> https://trac.torproject.org/projects/tor/wiki/doc/badRelays but it's
> apparently no longer published.
>
>
>
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays