Ssh MITM attack when using tor

James Muir jamuir at scs.carleton.ca
Fri Feb 2 21:04:55 UTC 2007


Juliusz Chroboczek wrote:
> What are you supposed to do when you notice a MITM attack?  How do you
> find out the exit node, and where do you report it to?
> 
> I'm running ssh as so:
> 
>   ssh -A -C -o 'ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050' "$@"

Just curious -- how does ssh inform you that a man-in-the-middle (i.e. 
the exit node) is trying to victimize you?

If you have access to the logs on the machine you were ssh'ing into, you 
should find the IP address of the exit node there.  Once you have 
identified the malicious exit node, I would inform one of the Tor 
designers. In the future, you can turn on Tor's logging and look in the 
log file there to see what your exit node is (you may have to turn off 
"SafeLogging" in order to see Tor node names).

-James
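The server-side log check suggested in the message above, as an added example that is not part of the original post or of any Tor or OpenSSH tooling: it pulls the peer addresses sshd recorded around the time the client showed its host-key warning. The log lines, host name, user names and addresses are constructed, and the function name `candidate_peers` is hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of sshd syslog lines (documentation IP ranges, made-up names).
SAMPLE_LOG = """\
Feb  2 20:41:07 shell sshd[4101]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Feb  2 20:58:13 shell sshd[4188]: Failed password for juliusz from 203.0.113.45 port 51514 ssh2
Feb  2 20:58:31 shell sshd[4188]: Accepted password for juliusz from 203.0.113.45 port 51514 ssh2
Feb  2 20:59:02 shell sshd[4190]: Did not receive identification string from 192.0.2.99
Feb  2 23:10:44 shell sshd[4300]: Accepted publickey for juliusz from 192.0.2.10 port 33100 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# Auth results name the user; pre-auth disconnects only name the peer address.
AUTH = re.compile(
    r"^(Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")
PREAUTH = re.compile(
    r"^(?:Did not receive identification string from|Connection closed by)"
    r" (?:(?:authenticating|invalid) user \S+ )?(\S+)")

def candidate_peers(log_text, user, when, year, window_minutes=5):
    """Return [(timestamp, ip, event)] for sshd events within the window.

    Classic syslog timestamps carry no year or timezone, so the caller passes
    the year and must express `when` in the server's local time. Pre-auth
    disconnects are kept because an interposed peer may never authenticate.
    """
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if abs(ts - when) > window:
            continue
        msg = m["msg"]
        if (a := AUTH.match(msg)) and a[2] == user:
            hits.append((ts, a[3], f"{a[1]} auth"))
        elif (p := PREAUTH.match(msg)):
            hits.append((ts, p[1], "pre-auth disconnect"))
    return hits

if __name__ == "__main__":
    for ts, ip, event in candidate_peers(SAMPLE_LOG, "juliusz",
                                         datetime(2007, 2, 2, 20, 58), 2007):
        print(ts.isoformat(), ip, event)
```

Each address returned is only a candidate: it still has to be matched against the Tor directory's list of relays before it is reported as an exit node.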




More information about the tor-talk mailing list