[tor-relays] Tor exit nodes attacking SSH?

Chad MILLER chad at cornsilk.net
Thu Aug 10 01:32:16 UTC 2017


You choose your own path and exit. It couldn't be any node before your
chosen exit because of onion.

You can't look for incoming traffic on your ssh server to know the bad
node. You have to know your chosen exit from the client end, to know the
MITM.

On Aug 9, 2017 1:08 PM, "Alexander Nasonov" <alnsn at yandex.ru> wrote:

> me at eugenemolotov.ru wrote:
> > Make a "trap" ssh server (for example on a virtualbox machine
> > without any sensitive data) and log in to it through tsocks.
> > After that check from which IP it was logged in. This probably
> > would be the IP of the exit node.
>
> What if they "bridge" mitm-ed traffic to a different host?
>
> I saw a similar ssh warning a few weeks ago but I wasn't prepared to
> identify the bad exit. I set SafeLogging to 0 and I will enable
> debugging via SIGUSR2 next time this happens. Can someone confirm
> whether it's a good way of identifying bad exits?
>
> --
> Alex
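Added example, not part of the original thread: one way to learn the exit from the client end is to correlate Tor control-port `STREAM` and `CIRC` events, taking the last hop of the circuit that carried the SSH stream. It assumes those events were captured from the client's own Tor (the thread itself only mentions SafeLogging and SIGUSR2 debug logging); the sample lines, fingerprints, nicknames and addresses are constructed.

```python
import re

# Control-port asynchronous event formats (control-spec): CIRC carries the
# relay path, STREAM carries the circuit a stream was attached to.
CIRC_RE = re.compile(r"^650 CIRC (\w+) (\w+) (\$\S+)")
STREAM_RE = re.compile(r"^650 STREAM (\w+) (\w+) (\w+) (\S+)")
HOP_RE = re.compile(r"^\$([0-9A-Fa-f]{40})(?:[~=](\S+))?$")

def exits_for_target(lines, target):
    """Return [(stream_id, circ_id, exit_fingerprint, exit_nickname)] for
    every stream to `target` (host:port) that reached SUCCEEDED."""
    paths = {}   # circuit id -> latest known list of hops
    hits = []
    for line in lines:
        m = CIRC_RE.match(line)
        if m:
            circ_id, status, path = m.groups()
            if status in ("EXTENDED", "BUILT"):
                paths[circ_id] = path.split(",")
            continue
        m = STREAM_RE.match(line)
        if m and m.group(2) == "SUCCEEDED" and m.group(4) == target:
            stream_id, _, circ_id, _ = m.groups()
            # The exit is the last hop; the path may be unknown if capture
            # started after the circuit was built.
            hop = HOP_RE.match(paths.get(circ_id, [""])[-1])
            fp, nick = hop.groups() if hop else (None, None)
            hits.append((stream_id, circ_id, fp, nick))
    return hits

# Constructed sample capture (all values made up for illustration).
G, M, X1, X2 = "A" * 40, "B" * 40, "C" * 40, "D" * 40
SAMPLE = [
    f"650 CIRC 7 EXTENDED ${G}~guardA PURPOSE=GENERAL",
    f"650 CIRC 7 BUILT ${G}~guardA,${M}~midB,${X1}~exitC PURPOSE=GENERAL",
    f"650 CIRC 9 BUILT ${G}~guardA,${M}~midB,${X2}~exitD PURPOSE=GENERAL",
    "650 STREAM 41 NEW 0 198.51.100.10:22 PURPOSE=USER",
    "650 STREAM 41 SENTCONNECT 7 198.51.100.10:22",
    "650 STREAM 41 SUCCEEDED 7 198.51.100.10:22",
    "650 STREAM 42 SUCCEEDED 9 203.0.113.5:443",
    "650 STREAM 43 SUCCEEDED 12 198.51.100.10:22",  # circuit 12 never seen
]

if __name__ == "__main__":
    for hit in exits_for_target(SAMPLE, "198.51.100.10:22"):
        print(hit)
```

A hit with no fingerprint means the circuit was built before the capture began, so that connection cannot be attributed to an exit from this data.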

