[tor-talk] New to list and questions about exit nodes
developerchris at rebel.com.au
Sat Nov 2 06:33:33 UTC 2013
I got to speak with my acquaintance about his experience. Sadly it was as
bad but not as quick as I was told.
He told me within a three-week period of setting up the Tor exit node he
considered his entire internal network compromised as several of his
machines showed signs of being compromised. I didn't get to ask the
specifics of that. But knowing this person as I do, when he says compromised,
it is not something you take lightly.
He reformatted and rebuilt every machine from known good sources and sworn
Please keep the replies civil. I know there is one in every crowd. Don't be
On 26/10/2013 10:25 AM, DeveloperChris wrote:
> Hi Roger
> Thanks. I need to confirm the story as I got it through a third party.
> What you are suggesting is a rookie mistake. If he says he was compromised
> I can tell you for sure he was compromised.
> I will see him in a few days so I'll ask him directly.
> I appreciate the links. I am trying to come up to speed in double quick
> time. I have some pretty big plans where I hope to convince lots of people
> to join Tor, but I cannot in all good conscience, if it opens them up to
> any form of abuse or excessive risk. I must also be able to explain what
> those risks are. The people I am appealing to are good-hearted, not
> network savvy.
> My initial reaction was to dump my plans but decided hearsay was not a
> strong enough reason, I needed to know more. Perhaps I should not have put
> as much faith into the words of the third party.
> Oh and I just noticed. I meant acquaintance not acquittance damn spell
> On 26/10/2013 5:34 AM, Roger Dingledine wrote:
>> On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote:
>>> An acquittance of mine created a Tor exit node, I know little detail
>>> more than that other than he was banned by services such as Skype
>>> and eBay, and apparently the machine he used was hacked. Now I know
>>> he is very security conscious and not a newb. If he was hacked it
>>> was by professionals. He is a network engineer.
>>> Apparently he pulled the exit node and wiped the machine.
>> Just so somebody's said it: there's a good chance that the machine
>> wasn't compromised. There are some jerks out there who use Tor to send
>> application-level traffic to webservers that tries to break into the
>> webserver. Somebody watching the webserver (or watching its network)
>> will notice the attack -- but since most attacks these days come through
>> compromised computers that are used as 'stepping stones', the mail that
>> the website operator sends won't say "stop attacking me!", but rather
>> it will say "your computer appears to be compromised." They don't have
>> any idea that it's running a Tor exit relay (and in many cases they have
>> no idea that something like Tor exists).
>> Then it's easy for the Tor relay operator to say "oh crap somebody on
>> the Internet told me my computer is compromised." (And to be fair, it's
>> hard for them to convince themselves that it's not true, so his response
>> in this case of "let's wipe it to be sure" was not unreasonable.)
>> See also