Hello,
Recently, I installed a new Tor exit node. A few days later, I received an email at the address given in the node contact information. This email suggests changing the DNS server my node uses, and gives me a specific IP address to use.
Here is the mail (obfuscated with sharps):
EMAIL BEGIN
***********************************
* Sender : info AT backplanedns DOT org
* Subject : Your TOR node
* Body :
**
** Hello,
**
** I came across your TOR relay on atlas. I run a few relays myself
** along with a bunch of DNS resolvers which are a part of the Open
** Root Server network (ORSN.org) - aimed to fight internet
** censorship and circumvent government surveillance programs
** (ie. prism).
**
** I hope you may be interested in using our anonymous open DNS
** resolvers on your relays.
**
** https://BackplaneDNS.org
**
** Resolver - 172.98.193.4#
**
** Resolver - 162.248.241.9#
**
** ------------------------------------------------------
**
** Hostmaster@:
** Mr. D##### E#### H#####
**
** Phone:
** +1 (###) ###-####
**
** E-Mail:
** info AT backplanedns DOT org
** abuse DOT backplanedns DOT org
**
** Linkedin:
** http://linkedin.com/in/d####-######-#########/
***********************************
EMAIL END
I think it could be an attack. If this person sends this email to every new exit node operator, there may be a small percentage of rookie operators who will make the change. I found this webpage about Tor exit nodes and DNS: https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
What do you think about this email?
This guy sure is persistent!
Check out this recent thread: https://lists.torproject.org/pipermail/tor-relays/2017-September/012934.html
On Sep 12, 2017 11:17, jpmvtd261@laposte.net wrote:
Hello,
Recently, I installed a new Tor exit node. A few days later, I received an email at the address given in the node contact information. This email suggests changing the DNS server my node uses, and gives me a specific IP address to use.
Here is the mail (obfuscated with sharps):
EMAIL BEGIN
- Sender : info AT backplanedns DOT org
- Subject : Your TOR node
- Body :
**
** Hello,
**
** I came across your TOR relay on atlas. I run a few relays myself
** along with a bunch of DNS resolvers which are a part of the Open
** Root Server network (ORSN.org) - aimed to fight internet
** censorship and circumvent government surveillance programs
** (ie. prism).
**
** I hope you may be interested in using our anonymous open DNS
** resolvers on your relays.
**
** https://BackplaneDNS.org
**
** Resolver - 172.98.193.4#
**
** Resolver - 162.248.241.9#
**
** ------------------------------------------------------
**
** Hostmaster@:
** Mr. D##### E#### H#####
**
** Phone:
** +1 (###) ###-####
**
** E-Mail:
** info AT backplanedns DOT org
** abuse DOT backplanedns DOT org
**
** Linkedin:
** http://linkedin.com/in/d####-######-#########/
EMAIL END
I think it could be an attack. If this person sends this email to every new exit node operator, there may be a small percentage of rookie operators who will make the change. I found this webpage about Tor exit nodes and DNS: https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/
What do you think about this email?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
FWIW https://nymity.ch/tor-dns/
--
Toralf
PGP C4EACDDE 0076E94E