[tor-talk] New to list and questions about exit nodes

Michael Wolf mikewolf53 at gmail.com
Sat Nov 2 07:46:33 UTC 2013


On 11/2/2013 2:33 AM, DeveloperChris wrote:
> I got to speak with my acquaintance about his experience. Sadly It was
> as bad but not as quick as I was told.
> 
> He told me within a three week period of setting up the tor exit node he
> considered his entire internal network compromised as several of his
> machines showed signs of being compromised. I didn't get to ask the
> specifics of that. But knowing this person as I do when he says
> compromised, it is not something you take lightly.
> 
> He reformatted and rebuilt every machine from known good sources and
> sworn off Tor.
> 
> DC

I'm still inclined to believe any compromise was unrelated to Tor.  If
this was a Windows network, it is not unheard of for one machine to
infect the rest.  The infection could have started on any of the
machines over the 3 weeks (or even beforehand).  If it's a *nix
network... having one machine compromised is plausible (however
unlikely), but having an entire network compromise would suggest many
serious mistakes were made.  The fact that he reformatted suggests these
were Windows boxes (it makes little sense to reformat a *nix box unless
you've been rooted... and I can't imagine an entire *nix network being
rooted unless someone has REALLY screwed up).

I think if this conversation is to progress beyond "Tor got someone's
network hacked" <-> "No, it probably it didn't", we'll need some
specifics.  Perhaps this associate should join the tor-talk list?
Here's some specific information that would be relevant:

* OS (Specific version):

* Tor Version:

* Specific evidence that Tor Exit was compromised (what was it doing,
was there detected malware, what was the name of the malware, etc...):

* Specific evidence that other network machines were infected (with same
data as above... OS, running services, etc):

* Specific evidence that the Tor Exit was the source of the compromise:

I think until those facts are known, we're just spinning our wheels.



More information about the tor-talk mailing list