another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2

Scott Bennett bennett at cs.niu.edu
Mon Feb 9 15:36:45 UTC 2009


     On Mon, 9 Feb 2009 10:15:32 -0500 phobos at rootme.org wrote:
>On Mon, Feb 09, 2009 at 09:07:15AM -0600, bennett at cs.niu.edu wrote 1.4K bytes in 26 lines about:
>:      An unnamed exit with fingerprint $8424E8653469B1EFF87E79E8599933A3BAF8FDB2
>: is redirecting HTTP port 80 to
>
>Ah, 'apple'.  Again they try this exact same tactic.  Silly people.
>
     Yes, but unfortunately that relay ranks fairly high in terms of data
rates, so it attracts a lot of traffic. :-(  I see that the fingerprint has
changed since the first time I added it to my ExcludeNodes list.  I notice
also that both kangnam.megapass.net (121.138.6.100) and the IP address that
appears in the bogus part of the substituted URL are in South Korea, which
is one of the worst cesspools of crackers, massmailers, and other undesirable
types that plague the Internet.
     I hope that work is still progressing on automated detection and flagging
of BADEXITs.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list