Banners injected in web pages at exit nodes TRHCourtney*
special at dereferenced.net
Tue Jun 2 11:36:43 UTC 2009
Definitely abusive. Fortunately, because of how nearby most of the IPs
are, Tor will treat them as family even if the operator neglected to,
so it doesn't pose a risk to anonymity (other than the one outlying
node, but even then it's a maximum of two), but this definitely looks
like a badexit situation.
Honestly, why does somebody run a Tor node if they keep
connection/session logs? Seems like an odd place to look for a
- John Brooks
On Tue, Jun 2, 2009 at 4:52 AM, Alexander Cherepanov <cherepan at mccme.ru> wrote:
> Just stumbled upon a banner injected in HTML at a Tor exit node.
> Nodes in question:
> router TRHCourtney01 22.214.171.124 443 0 9030
> router TRHCourtney02 126.96.36.199 443 0 9030
> router TRHCourtney03 188.8.131.52 443 0 9030
> router TRHCourtney04 184.108.40.206 443 0 9030
> router TRHCourtney05 220.127.116.11 443 0 9030
> router TRHCourtney06 18.104.22.168 443 0 9030
> router TRHCourtney07 22.214.171.124 443 0 9030
> router TRHCourtney08 126.96.36.199 443 0 9030
> router TRHCourtney09 188.8.131.52 443 0 9030
> router TRHCourtney10 184.108.40.206 443 0 9030
> contact Courtney TRH <courtney at nullroute.net>
> All of them inject a piece of HTML at the end of web pages. Text under
> banner reads:
> Courtney TOR/VPN & Wifi Exit Node :: Usage subject to Terms and
> Conditions/Acceptable Use Policy :: Want to advertise here? Contact
> Check for yourself: http://www.torproject.org.TRHCourtney01.exit/ .
> Some more concerns. Page http://courtney.nullroute.net/ contains:
> WARNING: The TOR Exit Node must *not* be used for illegal means.
> Connection and session logs are kept and *will* be forwarded onto
> the police in the event of an abuse report
> There is no family set for these nodes in descriptors.
> Port 110 (POP3) accepted in exit policy but not port 995 (POP3/SSL).
> Just to let you know.
> Alexander Cherepanov
More information about the tor-talk