[tor-talk] New to list and questions about exit nodes

Roger Dingledine arma at mit.edu
Fri Oct 25 19:04:02 UTC 2013


On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote:
> An acquaintance of mine created a tor exit node, I know little detail
> more than that other than he was banned by services such as skype
> and ebay, and apparently the machine he used was hacked. Now I know
> he is very security conscious and not a newb. If he was hacked it
> was by professionals. He is a network engineer.
> 
> Apparently he pulled the exit node and wiped the machine.

Just so somebody's said it: there's a good chance that the machine
wasn't compromised. There are some jerks out there who use Tor to send
application-level traffic to webservers that tries to break into the
webserver. Somebody watching the webserver (or watching its network)
will notice the attack -- but since most attacks these days come through
compromised computers that are used as 'stepping stones', the mail that
the website operator sends won't say "stop attacking me!", but rather
it will say "your computer appears to be compromised." They don't have
any idea that it's running a Tor exit relay (and in many cases they have
no idea that something like Tor exists).

Then it's easy for the Tor relay operator to say "oh crap somebody on
the Internet told me my computer is compromised." (And to be fair, it's
hard for them to convince themselves that it's not true, so his response
in this case of "let's wipe it to be sure" was not unreasonable.)

See also
https://www.torproject.org/docs/faq-abuse#TypicalAbuses
and
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines

Thanks!
--Roger


