[tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration

tortalk at arcor.de tortalk at arcor.de
Sun Oct 30 08:57:04 UTC 2016

Hello Torusers,

Flipchan wrote:
> This only scans for openports right?

Not only. Otherwise you can't tell if there is a power plant on that port, a fridge or a toaster...or a Tor Node/User.


There is link on the site referring to

"Websites are just one part of the Internet. There are power plants, Smart TVs, refrigerators and much more that can be found with Shodan!"

Take a look what is happening these days, please. A toaster was hacked within one hour since connected to the internet:

"We built a fake web toaster, and it was compromised in an hour."

And you could get a slightly bigger picture with that article:

"Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert..."

Imagine, when a company shuts its doors after selling IoTs, these products (Satellites, EDPCs, bulbs, toaster, USB, akku, cars, drones...) will not get a (licenced) update to be protected from hacking or prohibited from sending alert msgs and assimilated by a borgnet. And as you can guess with 54 million alert pages companies reduce their employees and forget that some chaperoned IoTs alerts. Sometimes it is just easier/cheaper/faster to plug new things to the net than to repair the old.

I could not tell which is more worse to deanonymize a Tor user or to find such anonymous IoTs to switch on for someones own use.


More information about the tor-talk mailing list