Banners injected in web pages at exit nodes TRHCourtney*

John Brooks special at dereferenced.net
Tue Jun 2 11:36:43 UTC 2009


Definitely abusive. Fortunately, because of how nearby most of the IPs
are, Tor will treat them as family even if the operator neglected to,
so it doesn't pose a risk to anonymity (other than the one outlying
node, but even then it's a maximum of two), but this definitely looks
like a badexit situation.

Honestly, why does somebody run a tor node if they keep
connection/session logs? Seems like an odd place to look for a
paycheck.

  - John Brooks

On Tue, Jun 2, 2009 at 4:52 AM, Alexander Cherepanov <cherepan at mccme.ru> wrote:
> Hello!
>
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
>
>  router TRHCourtney01 94.76.246.74 443 0 9030
>  router TRHCourtney02 94.76.247.136 443 0 9030
>  router TRHCourtney03 94.76.247.137 443 0 9030
>  router TRHCourtney04 94.76.247.138 443 0 9030
>  router TRHCourtney05 94.76.247.139 443 0 9030
>  router TRHCourtney06 94.76.247.140 443 0 9030
>  router TRHCourtney07 94.76.247.141 443 0 9030
>  router TRHCourtney08 94.76.247.142 443 0 9030
>  router TRHCourtney09 94.76.247.143 443 0 9030
>  router TRHCourtney10 92.48.84.113 443 0 9030
>  contact Courtney TRH <courtney at nullroute.net>
>
> All of them inject a piece of html at end of web pages. Text under
> banner reads:
>
>  Courtney TOR/VPN & Wifi Exit Node :: Usage subject to Terms and
>  Conditions/Acceptable Use Policy :: Want to advertise here? Contact
>  us
>
> Check for yourself: http://www.torproject.org.TRHCourtney01.exit/ .
>
> Some more concerns. Page http://courtney.nullroute.net/ contains:
>
>  WARNING: The TOR Exit Node must *not* be used for illegal means.
>  Connection and session logs are kept and *will* be forwarded onto
>  the police in the event of an abuse report
>
> There is no family set for these nodes in descriptors.
>
> Port 110 (POP3) accepted in exit policy but not port 995 (POP3/SSL).
>
> Just to let you know.
>
> Alexander Cherepanov
>
>



More information about the tor-talk mailing list