[tor-talk] Russian Tor exit relay messing with traffic

Roger Dingledine arma at mit.edu
Fri Oct 24 04:39:40 UTC 2014


Hi Josh,

I tried to write this comment at the bottom of
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
but your comment system wouldn't let me write into the name and email
address boxes. So I've written it here.

"""
Thanks for the detailed analysis! We've now set the BadExit flag on
this relay, so others won't accidentally run across it. We certainly do
need more people thinking about more modules for the exitmap scanner. In
general, it seems like a tough arms race to play:
https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
and as you say, the better approach is to have applications not blindly
trust unauthenticated bits they get from the Internet.

This discussion also reminds me of the very first misbehaving exit relay
we found:
https://lists.torproject.org/pipermail/tor-talk/2006-August/001766.html
It turned out to be a Tor relay in China that was getting attacked by
its ISP, and all the Tor users were just collateral damage from the ISP
attacking all its users. I think it is alas also hard to tell if this case
was a malicious Tor relay or an innocent Tor relay's malicious upstream.
"""

Thanks again for your help, and please let us know if we can be useful
to you in the future.

--Roger


