[tor-relays] Tor relays and exits exposing Privoxy publicly

krishna e bera keb at cyblings.on.ca
Sun Nov 10 16:04:35 UTC 2013


On 13-11-10 08:04 AM, Claudio wrote:
> Some months ago I encountered a situation where a user running an exit
> node with a publicly exposed privoxy (intentionally or not, I'm not
> sure) was constantly receiving a number of requests directed to
> advertisement networks.
> Fundamentally, someone is/was running an infrastructure using exposed
> Privoxies to perform some sort of advertisement fraud.

Privoxy has never been part of the Tor relay configuration, AFAIK.
Privoxy was discontinued as part of the Tor client configuration a
couple of years ago.
Therefore such a phenomenon *should not* have anything to do with Tor
relays.

However there may be a few rogues who run Tor exits that cache or snoop
traffic or who simultaneously run other proxy services (for example
misconfigured home exit nodes). The Legal FAQ gives some advice on these
issues:
https://www.torproject.org/eff/tor-legal-faq.html.en


> It's been roughly documented also here:
> https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of-servers/
> 
> Out of interest, I gave a quick look at existing relays and exits and
> it turns out that there's ~20 nodes exposing Privoxy on public IPs.
> 
> First thing first, I'm interested to know whether there's an actual
> reason for doing this or if it's something discouraged.
> 
> Best,
> /nex


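A relay operator can check their own Privoxy configuration for the exposure discussed in this thread. The script below is an added example, not part of the original messages; it assumes Privoxy's `listen-address` and `permit-access` directives and the documented default of 127.0.0.1:8118, and its sample configurations are constructed.

```python
import ipaddress

# Constructed sample configurations (not taken from any host in the thread).
EXPOSED = "# constructed example\nlisten-address  :8118\ntoggle 1\n"
RESTRICTED = "listen-address  192.0.2.10:8118\npermit-access  192.0.2.0/24\n"
LOCAL = "listen-address  127.0.0.1:8118\nlisten-address  [::1]:8118\n"

def listen_host(value):
    """Host part of a listen-address value; '' means all interfaces."""
    if value.startswith("["):                 # bracketed IPv6, e.g. [::1]:8118
        return value[1:value.index("]")]
    return value.rpartition(":")[0]           # ':8118' -> '', '127.0.0.1:8118' -> '127.0.0.1'

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False    # empty host or unresolved hostname: assume it is reachable

def audit(config_text):
    """Return [(listen-address value, verdict)] for a Privoxy config."""
    listens, has_acl = [], False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if len(parts) != 2:
            continue
        key, value = parts[0], parts[1].strip()
        if key == "listen-address":
            listens.append(value)
        elif key == "permit-access":
            has_acl = True
    if not listens:
        listens = ["127.0.0.1:8118"]          # Privoxy default when the directive is absent
    findings = []
    for value in listens:
        if is_loopback(listen_host(value)):
            verdict = "loopback"
        elif has_acl:
            verdict = "acl-restricted"        # still review how wide the permitted ranges are
        else:
            verdict = "open"                  # any client that can reach the port can use the proxy
        findings.append((value, verdict))
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("restricted", RESTRICTED), ("local", LOCAL)):
        print(name, audit(cfg))
```

An "open" verdict on a host with a public IP matches the situation described in the thread unless a firewall blocks port 8118.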