Forgot your password?
typodupeerror
Communications Encryption Networking Privacy The Internet

Spoiled Onions: Exposing Malicious Tor Exit Relays 65

Posted by timothy
from the just-tell-me-I'll-pass-on-the-message dept.
An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. Wed discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild."
This discussion has been archived. No new comments can be posted.

Spoiled Onions: Exposing Malicious Tor Exit Relays

Comments Filter:
  • by flonker (526111) on Sunday January 26, 2014 @03:10AM (#46071427)

    The primary development goal of Tor is to prevent the request from being traced back to the requester. (As a secondary effect, it also bypasses various national/regional content blocking schemes.) Malicious exit relays are detrimental, but in theory the user should be aware of the trust issues involved. I would label this as a user education issue.

    The major points being:

    • If your traffic is on the Internet, unless it is encrypted (such as by SSL), it can be passively monitored with only moderate effort.
    • If you are using Tor to reach the Internet, your traffic can't be traced back to you, but it still goes out over the Internet; see the previous point for more details. Tor can do nothing once the traffic is back on the Internet.
    • Attacks such as sslstrip exist. Be on guard against them.
  • by hairyfeet (841228) <bassbeast1968.gmail@com> on Sunday January 26, 2014 @12:45PM (#46073785) Journal

    Which is why you had better be wealthy and without family if you plan on running an exit node or use Freenet, as the way it was explained to me by a friend in the state crime lab anybody whose system accesses CP (which is easy for the cops to find out as they often leave CP sites running after they bust them as honeypots, they simply replace the video files with junk while leaving the screencaps up to entice the pedo to try to download the vids) is legally distributing, doesn't matter if they could actually see the files or even if they were encrypted, if it passes through your IP address to somewhere else its distribution.

    This is why I've been saying for years to ALWAYS fight against expanding the CP laws, as the ones that have been on the books since the 70s worked perfectly fine and they purposely make the new ones as vague as possible to cast the widest net. If you want proof just look at the 2 guys in prison now for thoughtcrimes. 1 wrote the supposedly "pro pedo" book, no pics, no telling people to go rape kids, just his thoughts on the subject written down sent him to jail and with the other one his own therapist told him to write down his fantasies and thoughts so they could discuss them, again NO evidence that they were anything but fantasies, no CP found, he was thrown in jail simply for words on a page.

    If this doesn't scare the hell out of everybody I don't know what will, we literally have thoughtcrimes landing people in jail and simply trying to help dissidents in China and Syria can literally send you to prison for life and even if you manage to fight back and win in court it will break you, cost you years, probably your job and friendships. I don't know about everybody else but this isn't the country my grandfather fought for in WWII, in fact its looking more and more like the country he fought against.

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow

Working...