Hi *Alexander W. Janssen* :

> On Wed, Oct 04, 2006 at 08:45:03PM -0400, Claude LaFrenière wrote:
>> Hmmm... Bogus exit nodes or bogus DNS servers ?
>
> One or the other way, brute forcing my way through all exit-nodes should
> reveal it. Hopefully...

This is a lot of work. May be a very long investigation.
You need data from the other Tor users about this issue.

>
>> Is it possible that the strange side effects come, not from the exit nodes
>> themselves, but from the DNS server used by these exit nodes ?
>
> Could be either way. Things which popped up in my mind:
> 1) DNS poisoning
> 2) Exit-node is behind a transparent proxy which is compromised or modified in
> some way

Yes!

> 3) Outbound traffic from the exit-node gets DNATed away by some firewall

ok and the fourth: some infected exit nodes with trojans, viruses, worms...
This limits the investigation to Windows exit nodes !!! ;-)
(No such things with BSD/Linux I presume...)

>
> Things you could do:
> 1) Replacing complete websites with link-farms (that's what happened to me)
> 2) Using a modified web-proxy which inserts advertisements into the HTML-code
> (possible, it's exactly the reverse of what Privoxy does)
> 3) Filter content
> 4) Replacing valid downloads by trojaned versions
> 5) Replace all pictures of a website with a picture of the goatse-man...
> 6) Modifying text in a subtle way using simple lex-programs (e.g. replace all
> "must" by "could" or "police" by "SS")
> 7) <insert favourite attack here>

Or the German Tor exit nodes seized by the polizei...
Did they return these computers with some "add on" ???
(Hmmm... too paranoid I guess... ;-) )

>
>> Our suspicions about "bogus exit nodes" must be based on facts
>> so I suggest to collect information about this issue here.
>
> My first run during the night was not very successful, most of the exitnodes
> refused to talk to me. I'm in timezone GMT+2 and that's pretty normal for that
> time of the day, I started another scan just minutes ago. Usually the
> TOR-network is not that congested in the morning.

OK. Let us know if you find something interesting.

>
>> What we can do is to report any "strange side effect" including:
>>
>> the link to the web site
>> the resulting link with the redirection like the ones we're talking about
>> the exit node used to access this web site
>
> Aye.

Best regards,
-- 
Claude LaFrenière
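
A sketch of how the reports proposed in this thread (link, resulting link, exit node) could be compared against a direct-connection baseline and grouped per exit node. This is an added example, not code from the thread; the record layout, node nicknames, URLs and hash values are constructed, and it assumes the test URLs serve static content.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed baseline: what a direct (non-Tor) fetch of each static test URL returned.
BASELINE = {
    "http://example.org/index.html": {"final": "http://example.org/index.html", "sha256": "aa11"},
    "http://example.net/file.tgz": {"final": "http://example.net/file.tgz", "sha256": "bb22"},
}

# Constructed reports: (exit node nickname, requested URL, resulting URL, body hash).
REPORTS = [
    ("exitA", "http://example.org/index.html", "http://example.org/index.html", "aa11"),
    ("exitA", "http://example.net/file.tgz", "http://example.net/file.tgz", "bb22"),
    ("exitB", "http://example.org/index.html", "http://linkfarm.example/?q=example.org", "cc33"),
    ("exitB", "http://example.net/file.tgz", "http://linkfarm.example/?q=example.net", "cc33"),
    ("exitC", "http://example.org/index.html", "http://example.org/index.html", "dd44"),
    ("exitC", "http://example.net/file.tgz", "http://example.net/file.tgz", "bb22"),
]

def classify(requested, final, sha256, baseline=BASELINE):
    """Return 'ok', 'redirected' or 'modified' for one report."""
    ref = baseline[requested]
    if urlsplit(final).hostname != urlsplit(ref["final"]).hostname:
        return "redirected"  # landed on another host: link-farm, DNS or DNAT symptom
    if sha256 != ref["sha256"]:
        return "modified"    # same host, different bytes: content rewritten in transit
    return "ok"

def suspects(reports, min_hits=2):
    """Group anomalies per exit node; keep nodes with at least min_hits of them."""
    hits = defaultdict(list)
    for node, requested, final, sha256 in reports:
        verdict = classify(requested, final, sha256)
        if verdict != "ok":
            hits[node].append((requested, verdict))
    return {node: found for node, found in hits.items() if len(found) >= min_hits}

if __name__ == "__main__":
    for node, found in suspects(REPORTS).items():
        print(node, found)
```

A "redirected" verdict does not tell DNS poisoning apart from a transparent proxy or DNAT; it only narrows down which exit node to examine further.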