[tor-talk] Systematically finding bad relays (was: Anecdotical experience of SSH MITM)
Philipp Winter
phw at nymity.ch
Wed Jul 19 20:02:57 UTC 2017
On Wed, Jul 19, 2017 at 01:43:32PM -0500, eric gisse wrote:
> Is there any notion of doing a sort of automated testing for things
> like this that can be easily proven?
Yes, the blog post I linked to contains some more information. We are
using tools such as exitmap [1] to systematically scan the network for
attacks such as DNS poisoning, SSL stripping, HTTPS MitM, and XMPP MitM,
just to name a few. We are always looking for more ideas on what to
scan for, so let us know if you have any!
[1] <https://gitweb.torproject.org/user/phw/exitmap.git/>
<https://nymity.ch/pdf/winter2014b.pdf>
More information about the tor-talk
mailing list