[tor-relays] badexit 29378422C99074D06331D5700E47451610B0D20D

teor teor2345 at gmail.com
Sun Jul 30 02:11:18 UTC 2017


Hi,

I've cc'd bad-relays with this report.

Please send reports of bad relays to bad-relays at lists.torproject.org.

> On 30 Jul 2017, at 02:56, eric gisse <jowr.pi at gmail.com> wrote:
> 
> it looks like i've found an exit node mitm-ing ssh, or at least giving
> it a shot.
> 
> https://atlas.torproject.org/#details/29378422C99074D06331D5700E47451610B0D20
> 
> that exit policy looks more like a wishlist than anything else, at this point.
> 
> notice all 3 sites have different clear wire ssh keys (obviously) but
> all the same when connecting over tor. what a coincidence!
> 
> module code:
> https://github.com/jowrjowr/exitmap/blob/master/src/modules/sshmitm.py
> 
> #  ./bin/exitmap sshmitm -e 29378422C99074D06331D5700E47451610B0D20D
> 2017-07-29 16:52:36,797 exitmap [INFO] Attempting to invoke Tor
> process in directory "/tmp/exitmap_tor_datadir-root".  This might take
> a while.
> 2017-07-29 16:52:36,798 exitmap [INFO] No first hop given.  Using
> randomly determined first hops for circuits.
> 2017-07-29 16:52:37,369 util [INFO] Tor Bootstrapped 0%: Starting
> 2017-07-29 16:52:41,942 util [INFO] Tor Bootstrapped 80%: Connecting
> to the Tor network
> 2017-07-29 16:52:41,943 exitmap [INFO] Successfully started Tor
> process (PID=31779).
> 2017-07-29 16:52:42,117 exitmap [INFO] Running module 'sshmitm'.
> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] obtaining ssh key
> information for destinations
> 2017-07-29 16:52:42,269 modules.sshmitm [INFO] getting key for github.com
> 2017-07-29 16:52:42,643 modules.sshmitm [INFO] getting key for gitlab.com
> 2017-07-29 16:52:42,889 modules.sshmitm [INFO] getting key for bitbucket.com
> 2017-07-29 16:52:58,807 relayselector [INFO] 216 relays have non-empty
> exit policy but no exit flag.
> 2017-07-29 16:52:58,816 relayselector [INFO] 1 out of 1000 exit relays
> meet all filter conditions.
> 2017-07-29 16:52:59,080 exitmap [INFO] Scan is estimated to take around 0:00:03.
> 2017-07-29 16:52:59,080 exitmap [INFO] Beginning to trigger 1 circuit
> creation(s).
> 2017-07-29 16:53:02,018 exitmap [INFO] Done triggering circuit
> creations after 0:00:02.937566.
> 2017-07-29 16:53:04,169 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for github.com:22 (192.30.253.112) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:05,573 modules.sshmitm [CRITICAL] tor ssh key name
> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> ssh-ed25519, over tor value: ssh-rsa
> 2017-07-29 16:53:05,574 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for gitlab.com:22 (52.167.219.168) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:06,957 modules.sshmitm [CRITICAL] tor ssh key
> mismatch for bitbucket.com:22 (104.192.143.8) over exit relay
> 29378422C99074D06331D5700E47451610B0D20D clear wire value:
> AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==,
> over tor value:
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
> 2017-07-29 16:53:06,959 eventhandler [INFO] Ran 1 module(s) in
> 0:00:30.168619 and 0/1 circuits failed (0.00%).

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
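The cross-destination check the quoted report relies on (one over-Tor host key presented for several unrelated destinations), as an added example that is not part of the original thread or of the exitmap module. It assumes the CRITICAL message format shown in the quoted log, unwrapped to one record per line; hosts, addresses, relay fingerprints and key blobs are constructed placeholders.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Message format of the sshmitm CRITICAL lines in the quoted log, one per line.
MISMATCH = re.compile(
    r"tor ssh key mismatch for (?P<host>[^:\s]+):\d+ \([^)]+\) "
    r"over exit relay (?P<relay>[0-9A-F]{40}) "
    r"clear wire value: [A-Za-z0-9+/=]+, "
    r"over tor value: (?P<tor>[A-Za-z0-9+/=]+)"
)

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_tor_keys(lines):
    """Return {(relay, tor-side fingerprint): [hosts]} for every key that a
    relay presented for two or more different destinations."""
    seen = defaultdict(set)
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            seen[(m["relay"], fingerprint(m["tor"]))].add(m["host"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= 2}

def b64(label):
    # Constructed stand-in for a key blob; not a real SSH key.
    return base64.b64encode(label.encode()).decode()
def log_line(host, ip, relay, clear, tor):
    return ("modules.sshmitm [CRITICAL] tor ssh key mismatch for %s:22 (%s) "
            "over exit relay %s clear wire value: %s, over tor value: %s"
            % (host, ip, relay, b64(clear), b64(tor)))

RELAY_A, RELAY_B = "A" * 40, "B" * 40  # placeholder relay fingerprints
SAMPLE = [  # constructed log lines, documentation hosts and addresses
    log_line("a.example", "192.0.2.10", RELAY_A, "key-a", "proxy-key"),
    "modules.sshmitm [CRITICAL] tor ssh key name mismatch for b.example:22 "
    "(192.0.2.20) over exit relay %s clear wire value: ssh-ed25519, "
    "over tor value: ssh-rsa" % RELAY_A,
    log_line("b.example", "192.0.2.20", RELAY_A, "key-b", "proxy-key"),
    log_line("c.example", "192.0.2.30", RELAY_B, "key-c", "key-c-rotated"),
]

if __name__ == "__main__":
    for (relay, fp), hosts in shared_tor_keys(SAMPLE).items():
        print(relay, fp, "presented for", ", ".join(hosts))
```

A single mismatch for one destination (the `RELAY_B` line) is not flagged here, since on its own it can also come from a key rotation or a different backend host; the repeated key across destinations is the signal the report points at.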


