[tor-relays] IP addresses as false positives?

grarpamp grarpamp at gmail.com
Mon Jan 5 19:38:32 UTC 2015


On Mon, Jan 5, 2015 at 10:36 AM, eliaz <eliaz at riseup.net> wrote:
> Do you mean my streams in particular or all streams?

Unless you're passing identifiable info over http, the exit
wouldn't have data to target anyone. All streams are possible.

> I run in a dedicated low-power box on my LAN, to save electricity. Is
> that as good as a VM?

Whichever way you like. If you've got all sorts of virii/malware
going on in an environment of exposure you wouldn't want
your regular personal files or activities exposed to that.

> I don't know how to confirm that exits are MITMs. I can post the FPs of

Turn off TBB, Tor, bridge, vidalia, socks, everything about tor.
Browse to the same place/url you got an alert with normal Firefox
over clearnet. See if you get an alert.

> the ones that show up, though. So far all the alerts lead me to
> recognizable nodes that show up OK in Atlas, etc.

Others have not reported 'all these alerts' and exits "several days".
If you wanted to you could post the name and version
of your "AV program" and your OS version.
And the full text of one of these alerts (if it's not
sensitive to you) and the exit FP.

> last popup. I guess I should get up to speed in wireshark, but it's
> gonna result in a monster file by the time it catches anything.

Put this in your filter
tcp[13] | 24 != 24 && tcp[13] | 16 != 16
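
An added illustration, not part of the original post: the Python below evaluates the filter expression above against constructed IPv4/TCP headers to show which segments it would capture. It assumes the expression is read as a libpcap capture filter grouped as (tcp[13] | 24) != 24 && (tcp[13] | 16) != 16; the helper names, addresses and ports are made up for the example.

```python
import struct

FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
              (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_packet(flags, ihl_words=5):
    """Constructed IPv4+TCP packet (no payload) carrying the given flag byte."""
    ip_len = ihl_words * 4                      # >5 words means IP options
    ip = bytearray(ip_len)
    ip[0] = 0x40 | ihl_words                    # version 4 + header length
    struct.pack_into("!H", ip, 2, ip_len + 20)  # total length
    ip[8], ip[9] = 64, 6                        # TTL, protocol = TCP
    ip[12:16] = bytes([192, 0, 2, 1])           # documentation addresses
    ip[16:20] = bytes([198, 51, 100, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return bytes(ip) + tcp

def tcp_flags(packet):
    """Return tcp[13], locating the TCP header through the IPv4 IHL field."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp_start = (packet[0] & 0x0F) * 4
    if len(packet) < tcp_start + 14:
        raise ValueError("truncated TCP header")
    return packet[tcp_start + 13]

def filter_keeps(packet):
    """The posted expression: (tcp[13] | 24) != 24 && (tcp[13] | 16) != 16."""
    f = tcp_flags(packet)
    return (f | 24) != 24 and (f | 16) != 16

def flag_label(flags):
    return "|".join(name for bit, name in FLAG_NAMES if flags & bit) or "none"

def classify(flag_bytes, ihl_words=5):
    """Map each flag combination to True (captured) or False (skipped)."""
    return {flag_label(f): filter_keeps(build_packet(f, ihl_words))
            for f in flag_bytes}

if __name__ == "__main__":
    sample = [0x02, 0x12, 0x10, 0x18, 0x11, 0x04, 0x14]  # constructed flag bytes
    for label, kept in classify(sample).items():
        print(f"{label:10} {'captured' if kept else 'skipped'}")
```

Plain ACK and PSH|ACK segments are skipped, while SYN, FIN and RST segments are captured.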

