Malicious or crappily configured exit node

Hello!

Referring to https://trac.torproject.org/projects/tor/wiki/doc/badRelays, I sent this also to tor-assistances@tpo. Never got an answer though :(

Now and then, I use Icedove with TorBirdy under Debian. While connecting to port 465 on my usual mailserver, using SSL, I sometimes get an SSL certificate alert. The certificate presented is not my usual certificate at all (which works without adding an exception), but one for cab.cabinethardwareparts.com, pretending to be my mailserver. [1]

I've searched a bit for information on that exit node and found: http://torstatus.rueckgr.at/router_detail.php?FP=0cc9b8aa649881c39e948e70b66... This node has flags: fast, stable, guard...

I tried it several times and the behaviour was repeatedly the same. Last time it happened was 10 days ago. Then again today.

I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?

Thanks,
u.

[1] http://pix.toile-libre.org/upload/original/1399232278.png screenshot of the certificate

Hi,

Excerpts from u's message of Wed May 14 13:16:21 +0200 2014:
> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?

ExcludeNodes in torrc allows you to avoid this node, enjoy the docs at https://www.torproject.org/docs/tor-manual.html.en for details.

ciao,
--
[*Thomas Themel*]
[Albulastrasse 52]
[ CH-8048 Zürich ]
[*+41 78 9070988*]

"We must plan for freedom, and not only for security, if for no other reason than that only freedom can make security secure." - Karl Popper, "The Open Society and Its Enemies"

Thomas Themel:
> Excerpts from u's message of Wed May 14 13:16:21 +0200 2014:
>> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?
> ExcludeNodes in torrc allows you to avoid this node, enjoy the docs at https://www.torproject.org/docs/tor-manual.html.en for details.

This is not really the question here. Such a relay should get a BadExit flag from the directory authorities so that every Tor client avoids it without having any extra configuration.

--
Lunar <lunar@torproject.org>

Lunar:
> Thomas Themel:
>> Excerpts from u's message of Wed May 14 13:16:21 +0200 2014:
>>> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?
>> ExcludeNodes in torrc allows you to avoid this node, enjoy the docs at https://www.torproject.org/docs/tor-manual.html.en for details.

Thanks Thomas, that is what I did in the meantime.

> This is not really the question here. Such a relay should get a BadExit flag from the directory authorities so that every Tor client avoids it without having any extra configuration.

+1. That was indeed the idea of starting this thread :) Lunar, is there a better place to report this than here?

u.

On 14/05/14 23:16, u wrote:
> Hello!
> Referring to https://trac.torproject.org/projects/tor/wiki/doc/badRelays, I sent this also to tor-assistances@tpo. Never got an answer though :(

One of the reasons I've heard on other mailing lists is that people sometimes get flagged as spam, and indeed your email is flagged as spam by Gmail in my case. So if I didn't check my spam box, I would never have heard about your email despite being on this mailing list.

Chris

> Now and then, I use Icedove with TorBirdy under Debian. While connecting to port 465 on my usual mailserver, using SSL, I sometimes get an SSL certificate alert. The certificate presented is not my usual certificate at all (which works without adding an exception), but one for cab.cabinethardwareparts.com, pretending to be my mailserver. [1]
> I've searched a bit for information on that exit node and found: http://torstatus.rueckgr.at/router_detail.php?FP=0cc9b8aa649881c39e948e70b66... This node has flags: fast, stable, guard...
> I tried it several times and the behaviour was repeatedly the same. Last time it happened was 10 days ago. Then again today.
> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?
> Thanks, u.
> [1] http://pix.toile-libre.org/upload/original/1399232278.png screenshot of the certificate

--
QtCreator/qmakeparser.cpp:42 ////////// Parser /////////// #define fL1S(s) QString::fromLatin1(s) namespace { // MSVC2010 doesn't seem to know the semantics of "static" ...

On Wed, May 14, 2014 at 11:16:21AM +0000, u wrote:
> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?

There isn't really a well-defined process but sending this to tor-assistants is fine.

The relay now has the BadExit flag: <https://atlas.torproject.org/#details/0CC9B8AA649881C39E948E70B662772D8695C2E9>

Thanks a lot for reporting this!

Cheers,
Philipp
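
How the BadExit flag discussed above reaches clients, as an added example that is not part of the thread and not Tor's own code: it parses the `r`/`s` line pairs of a network-status consensus, decodes each base64 identity to a hex fingerprint, and checks the flags. The consensus excerpt is constructed (nicknames, digests, dates and addresses are invented); only the fingerprint comes from the thread.

```python
import base64

# Fingerprint of the relay reported in this thread (from the Atlas link).
REPORTED_FP = "0CC9B8AA649881C39E948E70B662772D8695C2E9"

def b64_identity(hex_fp):
    """Encode a hex fingerprint as consensus 'r' lines do (base64, no padding)."""
    return base64.b64encode(bytes.fromhex(hex_fp)).decode().rstrip("=")

# Constructed sample: nicknames, digests, dates and addresses are invented;
# only the first relay's identity is the fingerprint from the thread.
SAMPLE_CONSENSUS = "\n".join([
    "r ExampleRelayA %s %s 2014-05-15 10:00:00 192.0.2.10 9001 0"
    % (b64_identity(REPORTED_FP), b64_identity("11" * 20)),
    "s BadExit Exit Fast Guard Running Stable Valid",
    "r ExampleRelayB %s %s 2014-05-15 10:05:00 192.0.2.20 443 80"
    % (b64_identity("AB" * 20), b64_identity("22" * 20)),
    "s Exit Fast Running Valid",
])

def parse_flags(consensus_text):
    """Map upper-case hex fingerprint -> set of flags from 'r'/'s' line pairs."""
    relays, current = {}, None
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 9:
            ident = fields[2]
            ident += "=" * (-len(ident) % 4)  # restore the stripped padding
            current = base64.b64decode(ident).hex().upper()
            relays[current] = set()
        elif fields[0] == "s" and current is not None:
            relays[current].update(fields[1:])
    return relays

def usable_as_exit(flags):
    """Clients do not pick a relay as an exit once it carries BadExit."""
    return "Exit" in flags and "BadExit" not in flags

def torrc_exclude(hex_fp):
    """Local workaround from the thread: an ExcludeNodes line for torrc."""
    return "ExcludeNodes $" + hex_fp.upper()

if __name__ == "__main__":
    for fp, flags in parse_flags(SAMPLE_CONSENSUS).items():
        print(fp, sorted(flags), "exit-usable:", usable_as_exit(flags))
    print(torrc_exclude(REPORTED_FP))
```

The `ExcludeNodes` line only protects the client whose torrc contains it, while the flag in the consensus applies to every client that fetches it.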

Heya,

Philipp Winter:
> On Wed, May 14, 2014 at 11:16:21AM +0000, u wrote:
>> I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that?
> There isn't really a well-defined process but sending this to tor-assistants is fine.
> The relay now has the BadExit flag: <https://atlas.torproject.org/#details/0CC9B8AA649881C39E948E70B662772D8695C2E9>
> Thanks a lot for reporting this!

Great! Thanks for reacting so quickly :)

u.

participants (5)
- Ch'Gans
- Lunar
- Philipp Winter
- Thomas Themel
- u