Analyzing TOR-exitnodes for anomalies

Alexander W. Janssen yalla at ynfonatic.de
Thu Oct 5 13:48:57 UTC 2006


On Thu, Oct 05, 2006 at 09:31:47PM +0800, Deephay wrote:
> Also, the logo "linux-magazine.com what you need, when you
> need it" is an image or just text?

Exactly the same page is at http://www.wdr.tv/.

The content of that page is (gathered with tcpdump):
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame
src="http://searchportal.information.com/?a_id=20223&domainname=wdr.tv">
</frameset>

I don't know what the variable a_id is about - maybe a customer-id? However,
domainname can be set to any arbitrary value.

This seems to be the company behind it: http://oversee.net/

> Maybe it is a DNS poisoning job, maybe some guy runs a local DNS
> server as well as a tor node to make some profit by directing us to
> this bogus linux-magazine? Interesting.

Maybe, that would be an explanation considering how the searchportal-thing is
working.
However, I'm 75% through my second run with no results so far.

Will keep you updated.

> Deephay

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent
millions in that sort of thing for the last few years, and it is time it
should be stopped."
 -- Simon Cameron, U.S. Senator, on the Smithsonian Institute, 1901. 
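
The frameset quoted in the message can be flagged automatically when checking pages fetched through exit nodes. The following is an added example, not part of the original post; the function and class names are assumptions, and the sample body is the one quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Body exactly as quoted in the post (captured for http://www.wdr.tv/).
SAMPLE_BODY = '''<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame
src="http://searchportal.information.com/?a_id=20223&domainname=wdr.tv">
</frameset>'''

class FrameCollector(HTMLParser):
    """Collect frameset rows/cols values and frame/iframe src URLs."""
    def __init__(self):
        super().__init__()
        self.layouts, self.sources = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "frameset":
            self.layouts.append(a.get("rows") or a.get("cols") or "")
        elif tag in ("frame", "iframe") and a.get("src"):
            self.sources.append(a["src"])

def base(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def check_frame_wrapper(requested_host, body):
    """Report frames that load another host, noting whether the frameset fills
    the window and which query parameters echo the requested host name."""
    collector = FrameCollector()
    collector.feed(body)
    full_window = any(l.replace(" ", "").startswith("100%") for l in collector.layouts)
    want = base(requested_host)
    findings = []
    for src in collector.sources:
        url = urlsplit(src)
        frame_host = base(url.hostname or "")
        if not frame_host or frame_host == want:
            continue  # relative or same-site frame: nothing to report
        echoed = [k for k, vals in parse_qs(url.query).items()
                  if any(base(v) == want for v in vals)]
        findings.append({"frame_host": frame_host, "full_window": full_window,
                         "echoed_params": echoed})
    return findings

if __name__ == "__main__":
    for finding in check_frame_wrapper("www.wdr.tv", SAMPLE_BODY):
        print(finding)
```

A finding with `full_window` set and a non-empty `echoed_params` matches the wrapper described in the message; whether it comes from the exit node or from the domain itself still has to be checked by fetching the same URL over a direct connection.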