another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2

Praedor Atrebates praedor at yahoo.com
Mon Feb 9 21:49:08 UTC 2009


Another option would be for users to block any and all S. Korean nodes as exits.  Exclude any S. Korean exit nodes and no matter what "apple" does, you won't get caught.

On Monday 09 February 2009 16:42:56 Scott Bennett wrote:
>      On Mon, 9 Feb 2009 19:23:36 +0100 Ansgar Wiechers <tor at planetcobalt.net>
> wrote:
> >On 2009-02-09 phobos at rootme.org wrote:
> >> On Mon, Feb 09, 2009 at 09:07:15AM -0600, bennett at cs.niu.edu wrote 1.4K bytes in 26 lines about:
> >> :      An unnamed exit with fingerprint $8424E8653469B1EFF87E79E8599933A3BAF8FDB2
> >> : is redirecting HTTP port 80 to
> >> 
> >> Ah, 'apple'.  Again they try this exact same tactic.  Silly people.
> >
> >Please elaborate, because I have no idea what you're referring to? Feel
> >free to e-mail me in private should this be old news for the rest of the
> >list.
> >
>      Some time ago, a tor relay called "apple" appeared.  "apple" was found
> to be a crooked exit relay in that it was replacing the URLs of its exiting
> traffic with URLs of the form
> 
> https://kangnam.megapass.net:7003/index.html?sso=121.138.5.103&no=8403&origin=OriginalURL
> 
> where "OriginalURL" was the URL requested by whatever tor client built the
> circuit using "apple" as its exit relay.  "apple" frequently restarted under
> different IP addresses.  Its perfidy was reported here, and eventually [*ahem*]
> the directory authority operators flagged it as a BADEXIT, so that tor clients
> around the globe would avoid using "apple" as an exit.
>      "apple" disappeared after that for a time, but now it's back.  It still
> uses varying IP addresses, but has changed its private OR key, perhaps to avoid
> recognition as a bad exit.  Unfortunately, there is no good way for the
> software to recognize a corrupt tor operator, but it should be given a BADEXIT
> flag for its *name*, as well as its new key, to force "apple"'s crooked
> operator to change his/her relay's torrc file next time.  It isn't much, but
> anything is a help.

-- 
"An imbalance between rich and poor is the oldest and most fatal ailment of all republics."
--Plutarch
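
An added example, not part of the original thread or of Tor's own code: a sketch of how scan results could be checked for the URL-wrapping rewrite described in the quoted message, with the flagged exits turned into a torrc `ExcludeExitNodes` line. The observation tuples, the baseline table and the function names are assumptions; the sample data is constructed, and only the first fingerprint and the redirect URL shape come from the thread.

```python
from urllib.parse import urlsplit, unquote

# Constructed scan results: (exit fingerprint, URL requested, URL the client ended up at).
# Only the first fingerprint is from the thread; the others are placeholders.
OBSERVATIONS = [
    ("8424E8653469B1EFF87E79E8599933A3BAF8FDB2", "http://example.com/a",
     "https://kangnam.megapass.net:7003/index.html"
     "?sso=121.138.5.103&no=8403&origin=http://example.com/a"),
    ("A" * 40, "http://example.com/a", "http://example.com/a"),
    ("B" * 40, "http://example.com/a", "https://example.com/a"),
    ("C" * 40, "http://example.org/private",
     "https://sso.example.org/?return=http%3A%2F%2Fexample.org%2Fprivate"),
]

# Constructed baseline: where the same URLs lead when fetched without the exit.
BASELINE = {
    "http://example.com/a": "http://example.com/a",
    "http://example.org/private":
        "https://sso.example.org/?return=http%3A%2F%2Fexample.org%2Fprivate",
}

def wraps_request(requested, observed):
    """True if `observed` is on another host and embeds `requested` in its query."""
    req, obs = urlsplit(requested), urlsplit(observed)
    # unquote() so a percent-encoded copy of the original URL still matches
    return obs.hostname != req.hostname and requested in unquote(obs.query)

def suspect_exits(observations, baseline):
    """Fingerprints whose result wraps the request and differs from the baseline."""
    suspects = []
    for fingerprint, requested, observed in observations:
        if observed == baseline.get(requested):
            continue  # the site itself redirects this way; not the exit's doing
        if wraps_request(requested, observed) and fingerprint not in suspects:
            suspects.append(fingerprint)
    return suspects

def exclude_line(fingerprints, countries=()):
    """Build a torrc line; ExcludeExitNodes takes $fingerprint and {cc} entries."""
    entries = ["$" + fp for fp in fingerprints] + ["{%s}" % cc for cc in countries]
    return "ExcludeExitNodes " + ",".join(entries)

if __name__ == "__main__":
    print(exclude_line(suspect_exits(OBSERVATIONS, BASELINE)))
```

The baseline comparison is what keeps an ordinary single-sign-on redirect, which has the same shape, from being flagged.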