[tor-talk] New to list and questions about exit nodes

DeveloperChris developerchris at rebel.com.au
Sat Nov 2 06:33:33 UTC 2013

I got to speak with my acquaintance about his experience. Sadly it was as 
bad but not as quick as I was told.

He told me within a three week period of setting up the tor exit node he 
considered his entire internal network compromised as several of his 
machines showed signs of being compromised. I didn't get to ask the 
specifics of that. But knowing this person as I do when he says compromised, 
it is not something you take lightly.

He reformatted and rebuilt every machine from known good sources and swore 
off Tor.


Please keep the replies civil. I know there is one in every crowd. Don't be 
that one.

On 26/10/2013 10:25 AM, DeveloperChris wrote:
> Hi Roger
> Thanks. I need to confirm the story as I got it through a third party. 
> What you are suggesting is a rookie mistake. If he says he was compromised 
> I can tell you for sure he was compromised.
> I will see him in a few days so I'll ask him directly.
> I appreciate the links. I am trying to come up to speed in double quick 
> time. I have some pretty big plans where I hope to convince lots of people 
> to join Tor, but I cannot in all good conscience, if it opens them up to 
> any form of abuse or excessive risk. I must also be able to explain what 
> those risks are. The people I am appealing to are good hearted not 
> network savvy.
> My initial reaction was to dump my plans but decided hearsay was not a 
> strong enough reason, I needed to know more. Perhaps I should not have put 
> as much faith into the words of the third party.
> Oh and I just noticed. I meant acquaintance not acquittance damn spell 
> checkers.
> DC
> On 26/10/2013 5:34 AM, Roger Dingledine wrote:
>> On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote:
>>> An acquittance of mine created a tor exit node, I know little detail
>>> more than that other than he was banned by services such as Skype
>>> and eBay, and apparently the machine he used was hacked. Now I know
>>> he is very security conscious and not a newb. If he was hacked it
>>> was by professionals. He is a network engineer.
>>> Apparently he pulled the exit node and wiped the machine.
>> Just so somebody's said it: there's a good chance that the machine
>> wasn't compromised. There are some jerks out there who use Tor to send
>> application-level traffic to webservers that tries to break into the
>> webserver. Somebody watching the webserver (or watching its network)
>> will notice the attack -- but since most attacks these days come through
>> compromised computers that are used as 'stepping stones', the mail that
>> the website operator sends won't say "stop attacking me!", but rather
>> it will say "your computer appears to be compromised." They don't have
>> any idea that it's running a Tor exit relay (and in many cases they have
>> no idea that something like Tor exists).
>> Then it's easy for the Tor relay operator to say "oh crap somebody on
>> the Internet told me my computer is compromised." (And to be fair, it's
>> hard for them to convince themselves that it's not true, so his response
>> in this case of "let's wipe it to be sure" was not unreasonable.)
>> See also
>> https://www.torproject.org/docs/faq-abuse#TypicalAbuses
>> and
>> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>> Thanks!
>> --Roger
