-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 - -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
On Sat, Jun 19, 2010 at 10:20:19PM +0100, Matthew wrote: > I am curious to know if there is a way of identifying "bad" exit > nodes? Do people who are more technical than me (not hard!) somehow > search for exit nodes with interesting configurations? Or, unless > you use StrictExitNodes and are confident of the honesty of the > operator, are you simply hoping the exit node owner is benign? In addition to Marek's scanner (which I'd be very interested in hearing more about ;)) there's also the SoaT Exit Scanner which Mike Perry wrote. It compares the results of queries made across Tor to those made over a direct connection to look for things like SSL certificate tampering and HTTP header or content modification. It also checks for suspicious exit policies such as allowing insecure protocols like POP and IMAP, but not allowing the corresponding secure protocol (POPS/IMAPS). There's a nice overview of its capabilities in Mike's Tor Network Analysis paper [0]. The scanner occasionally finds interesting things, but it's not seeing a lot of use at the moment as it's a bit of a chore to wade through the false positives. I'm working on improving it as part of Google Summer of Code, so if you're really interested, I post occasional updates on my progress with it at [1], and hopefully by the end of the summer things will have have progressed enough for the scanner to see more active use. [0] http://fscked.org/talks/TorFlow-HotPETS-final.pdf [1] http://anomos.info/~john/gsoc - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEAREDAAYFAkweis8ACgkQke2DTaHTnQmwUACgn2SzALUfDJWEugnu/I2hm/2u ArcAmwQ6XQ/XrQMOMNh6g052VDjNAOvT =dv8M - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEAREDAAYFAkweixEACgkQke2DTaHTnQnnswCghF390y5dUOv/qyn4qRX3XgsE yjIAn2/xiG4dtBmTvuobOvU8/dV/yYPU =C4RN -----END PGP SIGNATURE----- *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/