
SANS ISC: InfoSec Handlers Diary Blog



TOR - sniffing exit nodes

Published: 2007-09-11
Last Updated: 2007-09-11 12:51:18 UTC
by Swa Frantzen (Version: 1)

The (IT) press is buzzing somewhat about attacks against the onion router (TOR).
The problem lies in an attack that was performed and used to gain access to mailboxes by creating some Tor exit nodes and sniffing their unencrypted side.

From a technical perspective, these attacks are known and documented, e.g. in the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers

Tor -tries to- provide anonymity. Anonymity and security are two different beasts. When passing unencrypted traffic (such as POP3, IMAP, etc.) you are basically not only handing the malicious Tor exit node the contents of your email, but also -in many cases- the keys (login and password) to your mailbox.

--
Swa Frantzen -- NET2S
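
One way for a mail administrator to check the point above on their own server, as an added example that is not part of the original diary entry: it parses the capability list a POP3 or IMAP server sends on its cleartext port before TLS starts and reports whether password logins are advertised there. The function names are this example's own and the sample responses are constructed; the implicit-TLS ports (993/995) are outside its scope.

```python
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def parse_caps(protocol, response):
    """Parse a pre-TLS IMAP CAPABILITY or POP3 CAPA response into {name: [args]}."""
    caps = {}
    for line in response.splitlines():
        words = line.strip().upper().split()
        if protocol == "imap":
            if words[:2] != ["*", "CAPABILITY"]:
                continue
            for tok in words[2:]:              # e.g. AUTH=PLAIN -> AUTH: [PLAIN]
                name, _, arg = tok.partition("=")
                caps.setdefault(name, []).extend([arg] if arg else [])
        elif words and words[0] not in (".", "+OK", "-ERR"):
            caps[words[0]] = words[1:]         # e.g. SASL PLAIN LOGIN
    return caps

def cleartext_findings(protocol, response):
    """List the ways this server advertises password logins before TLS starts."""
    if protocol not in ("imap", "pop3"):
        raise ValueError("protocol must be 'imap' or 'pop3'")
    caps = parse_caps(protocol, response)
    tls_cmd, mech_key = ("STARTTLS", "AUTH") if protocol == "imap" else ("STLS", "SASL")
    findings = []
    if protocol == "imap" and "LOGINDISABLED" not in caps:
        findings.append("LOGIN allowed before TLS (no LOGINDISABLED)")
    if protocol == "pop3" and "USER" in caps:
        findings.append("USER/PASS advertised before TLS")
    weak = sorted(PLAINTEXT_MECHS & set(caps.get(mech_key, [])))
    if weak:
        findings.append("SASL " + "/".join(weak) + " advertised before TLS")
    if tls_cmd not in caps:
        findings.append(tls_cmd + " not offered")
    return findings

# Constructed sample responses (not captured from any real server).
IMAP_OPEN = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\nA1 OK done"
IMAP_STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done"
POP3_OPEN = "+OK\r\nUSER\r\nSASL PLAIN\r\nTOP\r\n.\r\n"
POP3_STRICT = "+OK\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"

if __name__ == "__main__":
    for proto, resp in [("imap", IMAP_OPEN), ("imap", IMAP_STRICT),
                        ("pop3", POP3_OPEN), ("pop3", POP3_STRICT)]:
        print(proto, cleartext_findings(proto, resp) or "no cleartext login advertised")
```

An empty list means the server does not advertise a password login before TLS; a client can still be misconfigured to try one, so the client side should also be set to require TLS.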
