Traffic Logging Suggestion

Jonathan D. Proulx jon at csail.mit.edu
Fri Aug 18 13:57:13 UTC 2006


On Thu, Aug 17, 2006 at 10:36:01PM +0200, David T. wrote:
:>I do believe one Russian exit node (was/is?) doing that .. by posting
:>usernames/passwords (I guess they're running dsniff or whatever on their
:>TOR box and piping the output to a webserver).
:>
:>Their stated motivation for this was to drive home the point about
:>end-to-end encryption, but I question their methods, which brings me to
:
:http://tor.unixgu.ru/

So should we be worried about the people who are publishing (a sanitized
version of) their actions or the people who are discreetly trolling
through the traffic for their own more nefarious purposes?

Their point is valid and while others have made it in theory I've never
seen it generate much in the way of discussion, but when you see the
number of credentials these people are getting (not to mention the
associated traffic) it seems to really make people think.

The big point is you can't *really* trust the exit node, that's not
the way TOR works.  You can have reasonable trust that the exit node
can't get your IP from the available routing info, but any plain text
you send through is, well, plain text on the way out...

You should assume all exit nodes are doing this, not because they are,
but because they could be, or other nodes on their local network could
be.

-Jon


