Hello,
Recently, I installed a new Tor exit node. A few days later, I received an email at the address given in the node contact information. This email suggests changing the DNS server my node uses, and gives me a specific IP address to use.
Here is the mail (obfuscated with sharps):
EMAIL BEGIN ***********************************
* Sender : info AT backplanedns DOT org
* Subject : Your TOR node
* Body :
**
** Hello,
**
** I came across your TOR relay on atlas. I run a few relays myself
** along with a bunch of DNS resolvers which are a part of the Open
** Root Server network (ORSN.org) - aimed to fight internet
** censorship and circumvent government surveillance programs
** (ie. prism).
**
** I hope you may be interested in using our anonymous open DNS
** resolvers on your relays.
**
** https://BackplaneDNS.org
**
** Resolver - 172.98.193.4#
**
** Resolver - 162.248.241.9#
**
** ------------------------------------------------------
**
** Hostmaster@:
** Mr. D##### E#### H#####
**
** Phone:
** +1 (###) ###-####
**
** E-Mail:
** info AT backplanedns DOT org
** abuse DOT backplanedns DOT org
**
** Linkedin:
** http://linkedin.com/in/d####-######-#########/
*********************************** EMAIL END
I think it could be an attack. If this person sends this email to every new exit node operator, there may be a small percentage of rookie operators who will make the change. I found this webpage about Tor exit nodes and DNS: https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
What do you think about this email?