[tor-talk] New to list and questions about exit nodes

DeveloperChris developerchris at rebel.com.au
Sat Nov 2 06:33:33 UTC 2013


I got to speak with my acquaintance about his experience. Sadly, it was as 
bad but not as quick as I was told.

He told me within a three week period of setting up the tor exit node he 
considered his entire internal network compromised as several of his 
machines showed signs of being compromised. I didn't get to ask the 
specifics of that. But knowing this person as I do, when he says compromised, 
it is not something you take lightly.

He reformatted and rebuilt every machine from known good sources and has sworn 
off Tor.

DC

Please keep the replies civil. I know there is one in every crowd. Don't be 
that one.


On 26/10/2013 10:25 AM, DeveloperChris wrote:
>
> Hi Roger
>
> Thanks. I need to confirm the story as I got it through a third party. 
> What you are suggesting is a rookie mistake. If he says he was compromised 
> I can tell you for sure he was compromised.
>
> I will see him in a few days so I'll ask him directly.
>
> I appreciate the links. I am trying to come up to speed in double quick 
> time. I have some pretty big plans where I hope to convince lots of people 
> to join Tor, but I cannot in all good conscience, if it opens them up to 
> any form of abuse or excessive risk. I must also be able to explain what 
> those risks are. The people I am appealing to are good-hearted, not 
> network savvy.
>
> My initial reaction was to dump my plans but decided hearsay was not a 
> strong enough reason, I needed to know more. Perhaps I should not have put 
> as much faith into the words of the third party.
>
> Oh and I just noticed. I meant acquaintance not acquittance damn spell 
> checkers.
>
> DC
>
>
> On 26/10/2013 5:34 AM, Roger Dingledine wrote:
>> On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote:
>>> An acquittance of mine created a tor exit node, I know little detail
>>> more than that other than he was banned by services such as Skype
>>> and eBay, and apparently the machine he used was hacked. Now I know
>>> he is very security conscious and not a newb. If he was hacked it
>>> was by professionals. He is a network engineer.
>>>
>>> Apparently he pulled the exit node and wiped the machine.
>> Just so somebody's said it: there's a good chance that the machine
>> wasn't compromised. There are some jerks out there who use Tor to send
>> application-level traffic to webservers that tries to break into the
>> webserver. Somebody watching the webserver (or watching its network)
>> will notice the attack -- but since most attacks these days come through
>> compromised computers that are used as 'stepping stones', the mail that
>> the website operator sends won't say "stop attacking me!", but rather
>> it will say "your computer appears to be compromised." They don't have
>> any idea that it's running a Tor exit relay (and in many cases they have
>> no idea that something like Tor exists).
>>
>> Then it's easy for the Tor relay operator to say "oh crap somebody on
>> the Internet told me my computer is compromised." (And to be fair, it's
>> hard for them to convince themselves that it's not true, so his response
>> in this case of "let's wipe it to be sure" was not unreasonable.)
>>
>> See also
>> https://www.torproject.org/docs/faq-abuse#TypicalAbuses
>> and
>> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>>
>> Thanks!
>> --Roger
>>
>


