[tor-talk] Systematically finding bad relays (was: Anecdotical experience of SSH MITM)

Philipp Winter phw at nymity.ch
Wed Jul 19 22:30:23 UTC 2017


On Wed, Jul 19, 2017 at 04:39:41PM -0500, eric gisse wrote:
> Looking at the exitmap source, as I was curious what modules
> existed....the problem I see is that it does not have modules that are
> capable of the more difficult to pull off things like SSH honeypot
> detection.

The Tor Project maintains a second repository with more modules.
Unfortunately this repository is private because we are in an uphill
battle that is already difficult -- without our adversaries being able
to see what we scan for.  Here's some more information on that:
<https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html>

> The idea is solid but the implementation has to keep up with the
> times. Specific attack vectors like
> CVE-2014-3566 (or any other sort of TLS/SSL downgrade attack) need to
> be tested for, and all that. Which makes the "inverse-metasploit"
> notion all the more compelling.

Modules for that would be great.  If only there were more volunteers
working on these issues!

> Other things come to mind like testing for binary patching (eg, ninja
> exe patching).

The module "patchingCheck" (in src/modules/) does this for an executable
that's hosted on live.sysinternals.com.  Or were you thinking of
something else?
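An added example, not code from exitmap or from this message, of the comparison a module such as patchingCheck has to make once a binary has been fetched through the exit under test. It assumes the fetch itself has already happened (the fetched bytes are passed in) and that a known-good SHA-256 was recorded from a direct, non-Tor download; the sample blobs and the tampered copy are constructed stand-ins for a real executable.

```python
import hashlib

# Constructed stand-in for a small Windows executable: it starts with the "MZ"
# DOS-header magic so the PE sanity check below has something to look at.
REFERENCE_BLOB = b"MZ" + bytes(range(256)) * 2
# Reference digest, as it would be recorded from a direct (non-Tor) fetch.
REFERENCE_SHA256 = hashlib.sha256(REFERENCE_BLOB).hexdigest()

# Constructed "patched" copy: two bytes at offset 300 overwritten with NOPs.
TAMPERED_BLOB = REFERENCE_BLOB[:300] + b"\x90\x90" + REFERENCE_BLOB[302:]


def first_difference(a: bytes, b: bytes):
    """Return the first offset at which a and b differ, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    if len(a) != len(b):
        return min(len(a), len(b))
    return None


def check_fetched_binary(fetched: bytes, reference: bytes,
                         reference_sha256: str) -> dict:
    """Compare bytes fetched through an exit relay with the known-good copy.

    status is "ok" (digest matches), "not_pe" (the exit handed back something
    that is not even a DOS/PE file, e.g. an HTML block page or an error body),
    or "modified" (a PE file whose content differs from the reference). For a
    modified file the first differing offset and the size delta are reported so
    the analyst can see whether bytes were replaced in place or data was appended.
    """
    if not fetched.startswith(b"MZ"):
        return {"status": "not_pe", "size": len(fetched)}
    digest = hashlib.sha256(fetched).hexdigest()
    if digest == reference_sha256:
        return {"status": "ok", "sha256": digest}
    return {
        "status": "modified",
        "sha256": digest,
        "first_diff_offset": first_difference(fetched, reference),
        "size_delta": len(fetched) - len(reference),
    }


if __name__ == "__main__":
    for name, blob in [("clean", REFERENCE_BLOB), ("tampered", TAMPERED_BLOB),
                       ("block page", b"<html>blocked</html>")]:
        print(name, check_fetched_binary(blob, REFERENCE_BLOB, REFERENCE_SHA256))
```

Running the same comparison across every exit (as exitmap does) and reporting only the "modified" and "not_pe" verdicts with the exit fingerprint gives the list of relays worth a closer look.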

