hijacked SSH sessions

Michael Holstein michael.holstein at csuohio.edu
Tue Oct 17 14:24:02 UTC 2006


There have been various TOR exit nodes that have been "behaving badly" 
lately (check the tor-talk list) .. some are doing frames, popups, etc 
.. there is a list of bad nodenames somewhere on that list (can't find 
it at hand..)

Personally, I wouldn't use any exit node in China .. use the 
ExcludeNodes part of your torrc.

~Mike.

Taka Khumbartha wrote:
> today i have had several attempted "man in the middle" attacks on my SSH sessions.  i am not sure which exit node(s) i was using, but the MD5 hash of the fingerprint of the spoofed host key is:
> 
> 4d:64:6f:bc:bf:4a:fa:bd:ce:00:b0:8e:c9:40:60:57
> 
> and it does not matter which host i connect to, the MD5 hash presented it always the same.
> 
> just a heads up
> 



More information about the tor-talk mailing list