[tor-talk] There is some rotten in the state of Denmark

torrorist at vmail.me torrorist at vmail.me
Thu Dec 13 00:47:06 UTC 2012


Good evening torrizens,

I have been looking through the relay descriptors for signs of 
malicious exit policy configurations and have found that the Tor network 
appears to be infested by a sniffer plague.

No worries, though, a friendly Torrorist is here to help.

Thanks to the attached mineral script you will be able to enumerate all 
the Tor relays that appear to have a malicious configuration.

By malicious configuration I mean that their fish_percent is > 50%.

fish_percent = (number_of_fishy_protocols / total_allowed_ports) * 100

number_of_fishy_protocols is how many plaintext protocols they are 
allowing to exit to; in the script this is only set to FTP, HTTP, and 
POP3 (23, 80, 110).

The script is in ruby and can be run like so:

$ ruby findtherot.rb

Some of the results are false positives as they are exit enclaves, but 
you should be able to fine-tune it to best suit your needs.

Here is a run of it on the current list of descriptors:


And here is the script:


--- BEGIN findtherot.rb ---

require "rubygems"
require "json"

# Expand the port part of an exit policy rule ("80", "6660-6669" or "*")
# into an array of port numbers.
def parse_port port
   if port.include? '-'
     start_port, end_port = port.split('-')
     # Inclusive range, so "20-23" covers 20, 21, 22 and 23.
     return (start_port.to_i .. end_port.to_i).to_a
   elsif port == '*'
     return (1 ... 2**16).to_a
   else
     return [port.to_i]
   end
end

# Return the ports named by one rule such as "accept *:80".
# The address part of the rule is ignored.
def parse_exit_rule rule_line
   rule = rule_line.split(' ')[1]
   addresses, ports = rule.split(':')
   ports = parse_port ports
   return ports
end

# Split an exit policy into the ports it accepts and the ports it rejects.
# The trailing catch-all "reject *:*" is skipped.
def parse_exit_policy exitpolicy
   rejected_ports = []
   allowed_ports = []

   exitpolicy.each do |rule|
     if rule == 'reject *:*'
       next
     end
     ports = parse_exit_rule rule

     if rule.to_str =~ /^reject/
       rejected_ports += ports
     elsif rule.to_str =~ /^accept/
       allowed_ports += ports
     end
   end

   # uniq so a port accepted by several rules is only counted once
   return allowed_ports.uniq, rejected_ports.uniq
end

# Download the current relay details from Onionoo into the file "relays".
`curl https://onionoo.torproject.org/details -o relays`

# Read the whole file as one string before handing it to the JSON parser.
parsed_details = JSON.parse(File.read("relays"))

puts "Finished reading file"

exitpolicies = {}

# Ports counted as fishy (plaintext protocols).
fishy_protocols = [23, 80, 110]

relays = parsed_details['relays']
relays.each do |relay|
   #puts "analyzing #{relay['nickname']}"
   # A relay entry may carry no exit_policy field at all.
   policy = relay['exit_policy'] || []
   allow, reject = parse_exit_policy policy
   total_allowed_ports = allow.length
   #number_of_good_protocols = (allow & good_protocols).length
   number_of_fishy_protocols = (allow & fishy_protocols).length

   if total_allowed_ports == 0
     fish_percent = 0
   else
     # Float division: integer division would round every ratio below 1 to 0.
     fish_percent = (number_of_fishy_protocols.to_f / total_allowed_ports) * 100
   end

   if fish_percent > 50
     puts "------------------------------------"
     puts "- There is some rotten in Denmark! -"
     puts "------------------------------------"
     puts "Fingerprint: #{relay['fingerprint']}"
     puts "Nickname: #{relay['nickname']}"
     puts "Contact: #{relay['contact']}"
     puts "Exit Policy:"
     policy.each { |rule| puts "* #{rule}" }
   end

end

--- END SCRIPT ---

Have fun and beware of the sniffers, they hide everywhere.

== Torrorist n0
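
Added example (not part of the original post or of findtherot.rb): the same fish_percent heuristic, but with rules evaluated in first-match order and rules bound to a single address or subnet ignored, so the exit enclaves the post mentions as false positives are not flagged. The relay entries are constructed sample data, and all function and constant names are illustrative assumptions.

```ruby
# Added example: constructed data, illustrative names.
PLAINTEXT_PORTS = [23, 80, 110].freeze # the ports the post counts as fishy

# Expand "80", "6660-6669" or "*" into an inclusive Range of ports.
def port_range(spec)
  return (1..65_535) if spec == '*'
  lo, hi = spec.split('-').map(&:to_i)
  (lo..(hi || lo))
end

# Ports the relay exits to for destinations in general. Exit policies are
# first-match-wins, so the first "*" rule naming a port decides it.
# Rules bound to one address or subnet are skipped: an accept there is an
# exit enclave, and a reject there only blocks those destinations.
def wildcard_allowed_ports(exit_policy)
  decided = {}
  exit_policy.each do |rule|
    action, target = rule.split(' ', 2)
    addr, _, ports = target.rpartition(':')
    next unless addr == '*'
    port_range(ports).each do |p|
      decided[p] = (action == 'accept') unless decided.key?(p)
    end
  end
  decided.select { |_, ok| ok }.keys
end

# fish_percent as defined in the post, computed with float division.
def fish_percent(exit_policy)
  allowed = wildcard_allowed_ports(exit_policy)
  return 0.0 if allowed.empty?
  100.0 * (allowed & PLAINTEXT_PORTS).length / allowed.length
end

# True when every accept rule targets a specific address (exit enclave).
def enclave_only?(exit_policy)
  accepts = exit_policy.select { |r| r.start_with?('accept') }
  !accepts.empty? && wildcard_allowed_ports(exit_policy).empty?
end

# Constructed sample relays (192.0.2.0/24 is a documentation range).
SAMPLE_RELAYS = [
  { 'nickname' => 'ExampleWebOnly',
    'exit_policy' => ['reject 10.0.0.0/8:*', 'accept *:80', 'reject *:*'] },
  { 'nickname' => 'ExampleEnclave',
    'exit_policy' => ['accept 192.0.2.10:80', 'reject *:*'] },
  { 'nickname' => 'ExampleMixed',
    'exit_policy' => ['reject *:25', 'accept *:80', 'accept *:443',
                      'accept *:993', 'reject *:*'] },
  { 'nickname' => 'ExampleShadowed',
    'exit_policy' => ['reject *:80', 'accept *:80', 'accept *:22',
                      'reject *:*'] }
].freeze

# Nicknames of relays whose fish_percent exceeds the threshold.
def flagged(relays, threshold = 50)
  relays.select { |r| fish_percent(r['exit_policy']) > threshold }
        .map { |r| r['nickname'] }
end

puts flagged(SAMPLE_RELAYS).inspect
```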


